@ansvar/us-regulations-mcp 1.0.0

package/dist/tools/registry.js

@@ -0,0 +1,260 @@
+import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
+import { searchRegulations } from './search.js';
+import { getSection } from './section.js';
+import { listRegulations } from './list.js';
+import { compareRequirements } from './compare.js';
+import { mapControls } from './map.js';
+import { checkApplicability } from './applicability.js';
+import { getDefinitions } from './definitions.js';
+import { getEvidenceRequirements } from './evidence.js';
+import { getComplianceActionItems } from './action-items.js';
+/**
+ * Centralized registry of all MCP tools.
+ * Single source of truth for both stdio and HTTP servers.
+ */
+export const TOOLS = [
+    {
+        name: 'search_regulations',
+        description: 'Search across all US regulations using full-text search. Returns relevant sections with highlighted snippets. Token-efficient: returns 32-token snippets with >>> <<< markers around matched terms.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                query: {
+                    type: 'string',
+                    description: 'Search query (supports natural language and technical terms)',
+                },
+                regulations: {
+                    type: 'array',
+                    items: { type: 'string' },
+                    description: 'Optional: Filter results to specific regulations (e.g., ["HIPAA", "CCPA"])',
+                },
+                limit: {
+                    type: 'number',
+                    description: 'Maximum number of results to return (default: 10, max: 1000)',
+                    default: 10,
+                },
+            },
+            required: ['query'],
+        },
+        handler: async (db, args) => {
+            return await searchRegulations(db, args);
+        },
+    },
+    {
+        name: 'get_section',
+        description: 'Retrieve the full text of a specific regulation section. Returns section content, metadata, and cross-references. Large sections are automatically truncated with a warning.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                regulation: {
+                    type: 'string',
+                    description: 'Regulation ID (e.g., "HIPAA", "CCPA")',
+                },
+                section: {
+                    type: 'string',
+                    description: 'Section number (e.g., "164.502", "1798.100")',
+                },
+            },
+            required: ['regulation', 'section'],
+        },
+        handler: async (db, args) => {
+            return await getSection(db, args);
+        },
+    },
+    {
+        name: 'list_regulations',
+        description: 'List all available regulations or get the structure of a specific regulation. Without parameters, returns all regulations with metadata. With a regulation ID, returns chapters and sections organized hierarchically.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                regulation: {
+                    type: 'string',
+                    description: 'Optional: Regulation ID to get detailed structure for (e.g., "HIPAA")',
+                },
+            },
+        },
+        handler: async (db, args) => {
+            return await listRegulations(db, args);
+        },
+    },
+    {
+        name: 'compare_requirements',
+        description: 'Compare requirements across multiple regulations for a specific topic. Searches each regulation and returns the top matching sections with relevance scores.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                topic: {
+                    type: 'string',
+                    description: 'Topic to compare (e.g., "breach notification", "access controls")',
+                },
+                regulations: {
+                    type: 'array',
+                    items: { type: 'string' },
+                    description: 'List of regulations to compare (e.g., ["HIPAA", "CCPA"])',
+                },
+            },
+            required: ['topic', 'regulations'],
+        },
+        handler: async (db, args) => {
+            return await compareRequirements(db, args);
+        },
+    },
+    {
+        name: 'map_controls',
+        description: 'Map NIST controls (800-53, CSF) to regulation sections. Shows which regulatory requirements satisfy specific control objectives. Can filter by control ID or regulation.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                framework: {
+                    type: 'string',
+                    description: 'Control framework (e.g., "NIST_CSF", "NIST_800_53", "ISO27001")',
+                },
+                control: {
+                    type: 'string',
+                    description: 'Optional: Specific control ID (e.g., "AC-1", "PR.AC-1")',
+                },
+                regulation: {
+                    type: 'string',
+                    description: 'Optional: Filter to specific regulation (e.g., "HIPAA")',
+                },
+            },
+            required: ['framework'],
+        },
+        handler: async (db, args) => {
+            return await mapControls(db, args);
+        },
+    },
+    {
+        name: 'check_applicability',
+        description: 'Determine which regulations apply to a specific sector or subsector. Returns applicable regulations with confidence levels (definite, likely, possible).',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                sector: {
+                    type: 'string',
+                    description: 'Industry sector (e.g., "healthcare", "financial", "retail", "technology")',
+                },
+                subsector: {
+                    type: 'string',
+                    description: 'Optional: Specific subsector (e.g., "hospital", "bank", "e-commerce")',
+                },
+            },
+            required: ['sector'],
+        },
+        handler: async (db, args) => {
+            return await checkApplicability(db, args);
+        },
+    },
+    {
+        name: 'get_definitions',
+        description: 'Look up official term definitions across regulations. Uses partial matching to find terms (e.g., "health" matches "protected health information").',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                term: {
+                    type: 'string',
+                    description: 'Term to look up (e.g., "protected health information", "personal data")',
+                },
+                regulation: {
+                    type: 'string',
+                    description: 'Optional: Filter to specific regulation (e.g., "HIPAA")',
+                },
+            },
+            required: ['term'],
+        },
+        handler: async (db, args) => {
+            return await getDefinitions(db, args);
+        },
+    },
+    {
+        name: 'get_evidence_requirements',
+        description: 'Get compliance evidence requirements for a specific section (e.g., audit logs, policies, procedures). MVP: Returns placeholder until evidence data is seeded.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                regulation: {
+                    type: 'string',
+                    description: 'Regulation ID (e.g., "HIPAA")',
+                },
+                section: {
+                    type: 'string',
+                    description: 'Section number (e.g., "164.312(b)")',
+                },
+            },
+            required: ['regulation', 'section'],
+        },
+        handler: async (db, args) => {
+            return await getEvidenceRequirements(db, args);
+        },
+    },
+    {
+        name: 'get_compliance_action_items',
+        description: 'Generate structured compliance action items from regulation sections. Extracts priority (high/medium/low) based on regulatory language and identifies evidence needed.',
+        inputSchema: {
+            type: 'object',
+            properties: {
+                regulation: {
+                    type: 'string',
+                    description: 'Regulation ID (e.g., "HIPAA", "CCPA")',
+                },
+                sections: {
+                    type: 'array',
+                    items: { type: 'string' },
+                    description: 'Section numbers to generate action items for (e.g., ["164.308(a)(1)(ii)(A)", "164.312(b)"])',
+                },
+            },
+            required: ['regulation', 'sections'],
+        },
+        handler: async (db, args) => {
+            return await getComplianceActionItems(db, args);
+        },
+    },
+];
+/**
+ * Register all tools with an MCP server instance.
+ * Use this for both stdio and HTTP servers to ensure parity.
+ */
+export function registerTools(server, db) {
+    // List available tools
+    server.setRequestHandler(ListToolsRequestSchema, async () => ({
+        tools: TOOLS.map(tool => ({
+            name: tool.name,
+            description: tool.description,
+            inputSchema: tool.inputSchema,
+        })),
+    }));
+    // Handle tool calls
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const { name, arguments: args } = request.params;
+        const tool = TOOLS.find(t => t.name === name);
+        if (!tool) {
+            return {
+                content: [{ type: 'text', text: `Unknown tool: ${name}` }],
+                isError: true,
+            };
+        }
+        try {
+            const result = await tool.handler(db, args || {});
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: typeof result === 'string' ? result : JSON.stringify(result, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (error) {
+            return {
+                content: [
+                    {
+                        type: 'text',
+                        text: `Error: ${error instanceof Error ? error.message : 'Unknown error'}`,
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+}
+//# sourceMappingURL=registry.js.map

package/dist/tools/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/tools/registry.ts"],"names":[],"mappings":"AACA,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,iBAAiB,EAAe,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAmB,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAa,MAAM,WAAW,CAAC;AACvD,OAAO,EAAE,mBAAmB,EAAgB,MAAM,cAAc,CAAC;AACjE,OAAO,EAAE,WAAW,EAAoB,MAAM,UAAU,CAAC;AACzD,OAAO,EAAE,kBAAkB,EAAsB,MAAM,oBAAoB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAoB,MAAM,kBAAkB,CAAC;AACpE,OAAO,EAAE,uBAAuB,EAAiB,MAAM,eAAe,CAAC;AACvE,OAAO,EAAE,wBAAwB,EAAoB,MAAM,mBAAmB,CAAC;AAS/E;;;GAGG;AACH,MAAM,CAAC,MAAM,KAAK,GAAqB;IACrC;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,qMAAqM;QAClN,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,8DAA8D;iBAC5E;gBACD,WAAW,EAAE;oBACX,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,4EAA4E;iBAC1F;gBACD,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,8DAA8D;oBAC3E,OAAO,EAAE,EAAE;iBACZ;aACF;YACD,QAAQ,EAAE,CAAC,OAAO,CAAC;SACpB;QACD,OAAO,EAAE,KAAK,EAAE,EAAqB,EAAE,IAAS,EAAE,EAAE;YAClD,OAAO,MAAM,iBAAiB,CAAC,EAAE,EAAE,IAAmB,CAAC,CAAC;QAC1D,CAAC;KACF;IACD;QACE,IAAI,EAAE,aAAa;QACnB,WAAW,EAAE,8KAA8K;QAC3L,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,uCAAuC;iBACrD;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,8CAA8C;iBAC5D;aACF;YACD,QAAQ,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;SACpC;QACD,OAAO,EAAE,KAAK,EAAE,EAAqB,EAAE,IAAS,EAAE,EAAE;YAClD,OAAO,MAAM,UAAU,CAAC,EAAE,EAAE,IAAuB,CAAC,CAAC;QACvD,CAAC;KACF;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,wNAAwN;QACrO,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,uEAAuE;iBACrF;aACF;SACF;QACD,OAAO,EAAE,KAAK,EAAE,EAAqB,EAAE,IAAS,EAAE,EAAE;YAClD,OAAO,MAAM,eAAe,CAAC,EAAE,EAAE,IAAiB,CAAC,CAAC;QACtD,CAAC;KACF;IACD;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,8JAA8J;QAC3K,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,KAAK,EAAE;oBACL,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,mEAAmE;iBACjF;gBACD,WAAW,EAAE;oBACX,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,0DAA0D;iBACxE;aACF;YACD,QAAQ,EAAE,CAAC,OAAO,EAAE,aAAa,CAAC;SACnC;QACD,OAAO,EAAE,KAAK,EAAE,EAAqB,EAAE,IAAS,EAAE,EAAE;YAClD,OAAO,MAAM,mBAAmB,CAAC,EAAE,EAAE,IAAoB,CAAC,CAAC;QAC7D,CAAC;KACF;IACD;QACE,IAAI,EAAE,cAAc;QACpB,WAAW,EAAE,0KAA0K;QACvL,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,iEAAiE;iBAC/E;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,yDAAyD;iBACvE;gBACD,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,yDAAyD;iBACvE;aACF;YACD,QAAQ,EAAE,CAAC,WAAW,CAAC;SACxB;QACD,OAAO,EAAE,KAAK,EAAE,EAAqB,EAAE,IAAS,EAAE,EAAE;YAClD,OAAO,MAAM,WAAW,CAAC,EAAE,EAAE,IAAwB,CAAC,CAAC;QACzD,CAAC;KACF;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,0JAA0J;QACvK,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,2EAA2E;iBACzF;gBACD,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,uEAAuE;iBACrF;aACF;YACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;SACrB;QACD,OAAO,EAAE,KAAK,EAAE,EAAqB,EAAE,IAAS,EAAE,EAAE;YAClD,OAAO,MAAM,kBAAkB,CAAC,EAAE,EAAE,IAA0B,CAAC,CAAC;QAClE,CAAC;KACF;IACD;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,oJAAoJ;QACjK,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,IAAI,EAAE;oBACJ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,yEAAyE;iBACvF;gBACD,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,yDAAyD;iBACvE;aACF;YACD,QAAQ,EAAE,CAAC,MAAM,CAAC;SACnB;QACD,OAAO,EAAE,KAAK,EAAE,EAAqB,EAAE,IAAS,EAAE,EAAE;YAClD,OAAO,MAAM,cAAc,CAAC,EAAE,EAAE,IAAwB,CAAC,CAAC;QAC5D,CAAC;KACF;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,WAAW,EAAE,+JAA+J;QAC5K,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,+BAA+B;iBAC7C;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,qCAAqC;iBACnD;aACF;YACD,QAAQ,EAAE,CAAC,YAAY,EAAE,SAAS,CAAC;SACpC;QACD,OAAO,EAAE,KAAK,EAAE,EAAqB,EAAE,IAAS,EAAE,EAAE;YAClD,OAAO,MAAM,uBAAuB,CAAC,EAAE,EAAE,IAAqB,CAAC,CAAC;QAClE,CAAC;KACF;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,wKAAwK;QACrL,WAAW,EAAE;YACX,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE;gBACV,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,uCAAuC;iBACrD;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,WAAW,EAAE,6FAA6F;iBAC3G;aACF;YACD,QAAQ,EAAE,CAAC,YAAY,EAAE,UAAU,CAAC;SACrC;QACD,OAAO,EAAE,KAAK,EAAE,EAAqB,EAAE,IAAS,EAAE,EAAE;YAClD,OAAO,MAAM,wBAAwB,CAAC,EAAE,EAAE,IAAwB,CAAC,CAAC;QACtE,CAAC;KACF;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,MAAc,EAAE,EAAqB;IACjE,uBAAuB;IACvB,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC,CAAC;KACJ,CAAC,CAAC,CAAC;IAEJ,oBAAoB;IACpB,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QACjD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QAE9C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;gBAC1D,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;YAClD,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;qBAC5E;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,UAAU,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;qBAC3E;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/tools/search.d.ts

@@ -0,0 +1,15 @@
+import type { Database } from 'better-sqlite3';
+export interface SearchInput {
+    query: string;
+    regulations?: string[];
+    limit?: number;
+}
+export interface SearchResult {
+    regulation: string;
+    section: string;
+    title: string;
+    snippet: string;
+    relevance: number;
+}
+export declare function searchRegulations(db: Database, input: SearchInput): Promise<SearchResult[]>;
+//# sourceMappingURL=search.d.ts.map

package/dist/tools/search.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"search.d.ts","sourceRoot":"","sources":["../../src/tools/search.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE/C,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAyCD,wBAAsB,iBAAiB,CACrC,EAAE,EAAE,QAAQ,EACZ,KAAK,EAAE,WAAW,GACjB,OAAO,CAAC,YAAY,EAAE,CAAC,CAyEzB"}

package/dist/tools/search.js

@@ -0,0 +1,94 @@
+/**
+ * Escape special FTS5 query characters and build optimal search query.
+ * Uses adaptive logic:
+ * - Short queries (1-3 words): AND logic with exact matching for precision
+ * - Long queries (4+ words): OR logic with prefix matching for recall
+ * This prevents empty results on complex queries while maintaining precision on simple ones.
+ *
+ * Handles hyphenated terms by converting them to spaces (e.g., "third-party" → "third party")
+ * to avoid FTS5 syntax errors where hyphens are interpreted as operators.
+ */
+function escapeFts5Query(query) {
+    // Common stopwords that add noise to searches
+    const stopwords = new Set(['a', 'an', 'the', 'and', 'or', 'but', 'in', 'on', 'at', 'to', 'for', 'of', 'with', 'by']);
+    // Normalize query: remove quotes, convert hyphens to spaces
+    // This allows "third-party" to become "third party" which FTS5 handles naturally
+    const words = query
+        .replace(/['"]/g, '') // Remove quotes
+        .replace(/-/g, ' ') // Convert hyphens to spaces (fixes "third-party" → "third party")
+        .split(/\s+/)
+        .filter(word => word.length > 2 && !stopwords.has(word.toLowerCase())); // Filter short words and stopwords
+    if (words.length === 0) {
+        return '';
+    }
+    if (words.length <= 2) {
+        // Short queries (1-2 words): Use AND logic with prefix matching for precision
+        // Example: "incident reporting" → incident* reporting*
+        // Prefix matching handles word variations (encrypt vs encryption)
+        return words.map(word => `${word}*`).join(' ');
+    }
+    else {
+        // Long queries (3+ words): Use OR logic with prefix matching for better recall
+        // Example: "encryption transmission storage" → encryption* OR transmission* OR storage*
+        // BM25 will still rank documents with more matches higher
+        return words.map(word => `${word}*`).join(' OR ');
+    }
+}
+export async function searchRegulations(db, input) {
+    let { query, regulations, limit = 10 } = input;
+    // Validate and sanitize limit parameter
+    if (!Number.isFinite(limit) || limit < 0) {
+        limit = 10; // Default to safe value
+    }
+    // Cap at reasonable maximum
+    limit = Math.min(Math.floor(limit), 1000);
+    if (!query || query.trim().length === 0) {
+        throw new Error('Query cannot be empty. Please provide a search term.');
+    }
+    const escapedQuery = escapeFts5Query(query);
+    if (!escapedQuery) {
+        return [];
+    }
+    const params = [escapedQuery];
+    // Build optional regulation filter
+    let regulationFilter = '';
+    if (regulations && regulations.length > 0) {
+        const placeholders = regulations.map(() => '?').join(', ');
+        regulationFilter = ` AND regulation IN (${placeholders})`;
+        params.push(...regulations);
+    }
+    // Search in sections
+    const sectionsQuery = `
+    SELECT
+      sections_fts.regulation,
+      sections_fts.section_number as section,
+      sections_fts.title,
+      snippet(sections_fts, 3, '>>>', '<<<', '...', 32) as snippet,
+      bm25(sections_fts) as relevance
+    FROM sections_fts
+    WHERE sections_fts MATCH ?
+    ${regulationFilter}
+    ORDER BY bm25(sections_fts)
+    LIMIT ?
+  `;
+    try {
+        // Execute query
+        const sectionsParams = [...params, limit];
+        const sectionStmt = db.prepare(sectionsQuery);
+        const sectionRows = sectionStmt.all(...sectionsParams);
+        // BM25 returns negative scores; convert to positive for clarity
+        const results = sectionRows.map(row => ({
+            ...row,
+            relevance: Math.abs(row.relevance),
+        }));
+        return results;
+    }
+    catch (error) {
+        // If FTS5 query fails (e.g., syntax error), return empty results
+        if (error instanceof Error && error.message.includes('fts5')) {
+            return [];
+        }
+        throw error;
+    }
+}
+//# sourceMappingURL=search.js.map

package/dist/tools/search.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"search.js","sourceRoot":"","sources":["../../src/tools/search.ts"],"names":[],"mappings":"AAgBA;;;;;;;;;GASG;AACH,SAAS,eAAe,CAAC,KAAa;IACpC,8CAA8C;IAC9C,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC;IAErH,4DAA4D;IAC5D,iFAAiF;IACjF,MAAM,KAAK,GAAG,KAAK;SAChB,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,gBAAgB;SACrC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,kEAAkE;SACrF,KAAK,CAAC,KAAK,CAAC;SACZ,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,mCAAmC;IAE7G,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACtB,8EAA8E;QAC9E,uDAAuD;QACvD,kEAAkE;QAClE,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjD,CAAC;SAAM,CAAC;QACN,+EAA+E;QAC/E,wFAAwF;QACxF,0DAA0D;QAC1D,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACpD,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,EAAY,EACZ,KAAkB;IAElB,IAAI,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,GAAG,EAAE,EAAE,GAAG,KAAK,CAAC;IAE/C,wCAAwC;IACxC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QACzC,KAAK,GAAG,EAAE,CAAC,CAAC,wBAAwB;IACtC,CAAC;IACD,4BAA4B;IAC5B,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,CAAC;IAE1C,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,YAAY,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IAE5C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,MAAM,GAAwB,CAAC,YAAY,CAAC,CAAC;IAEnD,mCAAmC;IACnC,IAAI,gBAAgB,GAAG,EAAE,CAAC;IAC1B,IAAI,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3D,gBAAgB,GAAG,uBAAuB,YAAY,GAAG,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;IAC9B,CAAC;IAED,qBAAqB;IACrB,MAAM,aAAa,GAAG;;;;;;;;;MASlB,gBAAgB;;;GAGnB,CAAC;IAEF,IAAI,CAAC;QACH,gBAAgB;QAChB,MAAM,cAAc,GAAG,CAAC,GAAG,MAAM,EAAE,KAAK,CAAC,CAAC;QAE1C,MAAM,WAAW,GAAG,EAAE,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAE9C,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,cAAc,CAMnD,CAAC;QAEH,gEAAgE;QAChE,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACtC,GAAG,GAAG;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC;SACnC,CAAC,CAAC,CAAC;QAEJ,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,iEAAiE;QACjE,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7D,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/tools/section.d.ts

@@ -0,0 +1,19 @@
+import type { Database } from 'better-sqlite3';
+export interface GetSectionInput {
+    regulation: string;
+    section: string;
+}
+export interface SectionData {
+    regulation: string;
+    section_number: string;
+    title: string | null;
+    text: string;
+    chapter: string | null;
+    parent_section: string | null;
+    cross_references: string[] | null;
+    truncated?: boolean;
+    original_length?: number;
+    token_estimate?: number;
+}
+export declare function getSection(db: Database, input: GetSectionInput): Promise<SectionData | null>;
+//# sourceMappingURL=section.d.ts.map

package/dist/tools/section.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"section.d.ts","sourceRoot":"","sources":["../../src/tools/section.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE/C,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,gBAAgB,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAClC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,wBAAsB,UAAU,CAC9B,EAAE,EAAE,QAAQ,EACZ,KAAK,EAAE,eAAe,GACrB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CA6D7B"}

package/dist/tools/section.js

@@ -0,0 +1,50 @@
+export async function getSection(db, input) {
+    const { regulation, section } = input;
+    const sql = `
+    SELECT
+      regulation,
+      section_number,
+      title,
+      text,
+      chapter,
+      parent_section,
+      cross_references
+    FROM sections
+    WHERE regulation = ? AND section_number = ?
+  `;
+    const row = db.prepare(sql).get(regulation, section);
+    if (!row) {
+        return null;
+    }
+    // Token management: Truncate very large sections to prevent context overflow
+    const MAX_CHARS = 50000; // ~12,500 tokens (safe for 200k context window)
+    const originalLength = row.text.length;
+    const tokenEstimate = Math.ceil(originalLength / 4); // ~4 chars per token
+    let text = row.text;
+    let truncated = false;
+    if (originalLength > MAX_CHARS) {
+        text = row.text.substring(0, MAX_CHARS) + '\n\n[... Section truncated due to length. Original: ' + originalLength + ' chars (~' + tokenEstimate + ' tokens). Use search_regulations to find specific content.]';
+        truncated = true;
+    }
+    return {
+        regulation: row.regulation,
+        section_number: row.section_number,
+        title: row.title,
+        text,
+        chapter: row.chapter,
+        parent_section: row.parent_section,
+        cross_references: row.cross_references ? (() => {
+            try {
+                return JSON.parse(row.cross_references);
+            }
+            catch {
+                console.warn(`Invalid cross_references JSON for ${row.regulation} ${row.section_number}`);
+                return null;
+            }
+        })() : null,
+        truncated,
+        original_length: truncated ? originalLength : undefined,
+        token_estimate: truncated ? tokenEstimate : undefined,
+    };
+}
+//# sourceMappingURL=section.js.map

package/dist/tools/section.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"section.js","sourceRoot":"","sources":["../../src/tools/section.ts"],"names":[],"mappings":"AAoBA,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,EAAY,EACZ,KAAsB;IAEtB,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC;IAEtC,MAAM,GAAG,GAAG;;;;;;;;;;;GAWX,CAAC;IAEF,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAQtC,CAAC;IAEd,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,IAAI,CAAC;IACd,CAAC;IAED,6EAA6E;IAC7E,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,gDAAgD;IACzE,MAAM,cAAc,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC;IACvC,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,qBAAqB;IAC1E,IAAI,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IACpB,IAAI,SAAS,GAAG,KAAK,CAAC;IAEtB,IAAI,cAAc,GAAG,SAAS,EAAE,CAAC;QAC/B,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,GAAG,sDAAsD,GAAG,cAAc,GAAG,WAAW,GAAG,aAAa,GAAG,6DAA6D,CAAC;QAChN,SAAS,GAAG,IAAI,CAAC;IACnB,CAAC;IAED,OAAO;QACL,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,cAAc,EAAE,GAAG,CAAC,cAAc;QAClC,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,IAAI;QACJ,OAAO,EAAE,GAAG,CAAC,OAAO;QACpB,cAAc,EAAE,GAAG,CAAC,cAAc;QAClC,gBAAgB,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE;YAC7C,IAAI,CAAC;gBACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YAC1C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,IAAI,CAAC,qCAAqC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC;gBAC1F,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI;QACX,SAAS;QACT,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;QACvD,cAAc,EAAE,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS;KACtD,CAAC;AACJ,CAAC"}

package/package.json

@@ -0,0 +1,76 @@
+{
+  "name": "@ansvar/us-regulations-mcp",
+  "version": "1.0.0",
+  "mcpName": "us.ansvar/us-regulations-mcp",
+  "description": "MCP server for US cybersecurity and privacy regulations. Query HIPAA, CCPA, SOX, and more directly from Claude.",
+  "main": "dist/index.js",
+  "type": "module",
+  "bin": {
+    "us-regulations-mcp": "dist/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf dist && find . -name '*.tsbuildinfo' -not -path './node_modules/*' -delete",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "dev": "tsx src/index.ts",
+    "start": "node dist/index.js",
+    "build:db": "tsx scripts/build-db.ts",
+    "ingest": "tsx scripts/ingest.ts",
+    "load-seed": "tsx scripts/load-seed-data.ts",
+    "test:mcp": "tsx scripts/test-mcp-tools.ts",
+    "lint": "eslint src --ext .ts",
+    "prepare": "test -f dist/index.js || npm run build",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "compliance",
+    "hipaa",
+    "ccpa",
+    "sox",
+    "us-regulations",
+    "cybersecurity",
+    "privacy",
+    "healthcare",
+    "financial",
+    "sarbanes-oxley",
+    "california-consumer-privacy-act",
+    "claude",
+    "llm"
+  ],
+  "author": "Ansvar Systems <hello@ansvar.eu> (https://ansvar.eu)",
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Ansvar-Systems/US_compliance_MCP.git"
+  },
+  "bugs": {
+    "url": "https://github.com/Ansvar-Systems/US_compliance_MCP/issues"
+  },
+  "homepage": "https://ansvar.eu",
+  "engines": {
+    "node": ">=18"
+  },
+  "files": [
+    "dist",
+    "data",
+    "scripts",
+    "src"
+  ],
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.13",
+    "@types/cheerio": "^0.22.35",
+    "@types/node": "^25.0.10",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.25.3",
+    "better-sqlite3": "^12.6.2",
+    "cheerio": "^1.2.0",
+    "fast-xml-parser": "^5.3.3"
+  }
+}