@chaprola/mcp-server 1.12.0 → 1.13.0

package/dist/index.js

@@ -119,6 +119,7 @@ const server = new McpServer({
 - "Concurrent writes will conflict" → Wrong. The merge-file model is concurrency-safe with dirty-bit checking. Multiple writers are handled transparently.
 - "Only for AI agents" → Wrong. Every operation is a plain HTTP POST. React, Laravel, Python, curl — any HTTP client works. The MCP server is a convenience wrapper.
 - "Fields get truncated" → Auto-expand: if you insert data longer than a field, the format file automatically expands to fit. No manual schema management needed.
+- "PHI flags can't be removed" → Wrong. Set phi_exempt on the project config via chaprola_config to disable all PHI detection for non-healthcare projects (e.g., video pipelines, task trackers).
 
 **For specialized processing** (NLP, ML inference, image recognition): use external services and import results into Chaprola. Chaprola is the data and compute layer, not the everything layer.
 
@@ -733,6 +734,19 @@ server.tool("chaprola_intent", "Read, write, or delete project and program inten
     const res = await authedFetch("/intent", body);
     return textResult(res);
 });
+// --- Project Config ---
+server.tool("chaprola_config", "Set project configuration. Currently supports phi_exempt (boolean) to disable automatic PHI detection for non-healthcare projects. Fields like step_name, task_name won't be flagged as PHI. Omit phi_exempt to read current config.", {
+    project: z.string().describe("Project name"),
+    phi_exempt: z.boolean().optional().describe("If true, disable all PHI detection and masking for this project. For non-healthcare data only."),
+    userid: z.string().optional().describe("Project owner's username. Defaults to the authenticated user."),
+}, async ({ project, phi_exempt, userid }) => withBaaCheck(async () => {
+    const { username } = getCredentials();
+    const body = { userid: userid || username, project };
+    if (phi_exempt !== undefined)
+        body.phi_exempt = phi_exempt;
+    const res = await authedFetch("/config", body);
+    return textResult(res);
+}));
 // --- Optimize (HULDRA) ---
 server.tool("chaprola_optimize", "Run HULDRA nonlinear optimization using a compiled .PR as the objective evaluator", {
     project: z.string().describe("Project name"),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chaprola/mcp-server",
-  "version": "1.12.0",
+  "version": "1.13.0",
   "description": "MCP server for Chaprola — agent-first data platform. Gives AI agents tools for structured data storage, record CRUD, querying, schema inspection, documentation lookup, web search, URL fetching, scheduled jobs, scoped site keys, and execution via plain HTTP.",
   "type": "module",
   "main": "dist/index.js",

package/references/gotchas.md

@@ -107,6 +107,9 @@ Every request body's `userid` must equal your username. 403 on mismatch.
 ### BAA only required for PHI
 The BAA is only needed if your data contains Protected Health Information (patient names, SSNs, dates of birth, etc.). Non-PHI data works without signing a BAA. If you get a 403 on a PHI-flagged field, either sign the BAA or rename the field to avoid PHI auto-detection.
 
+### PHI detection on non-healthcare projects
+If your fields get PHI-flagged incorrectly (e.g., step_name, task_name, video_name), set phi_exempt on the project via `POST /config {"userid": "...", "project": "...", "phi_exempt": true}` or `chaprola_config`. This disables all PHI detection and masking for the project.
+
 ### Async for large datasets
 `POST /run` with `async: true` for >100K records. API Gateway has a 30-second timeout; async bypasses it. Poll `/run/status` until `status: "done"`.