data-compliance-mcp 1.0.0 → 1.0.2

package/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+## [1.0.2] - 2026-04-26
+### Changed
+- Added `agent_action` field to all error responses (PROVIDE_REQUIRED_FIELD, DO_NOT_PROCESS_UNTIL_CLASSIFIED, RETRY_IN_2_MIN)
+- Added `source_url` to validate_data_safety results
+- Added stdio transport for Claude Desktop / npm usage
+- Fixed em-dash in analysis_type string (ASCII --)
+- VERSION constant introduced as single source of truth
+
 ## [1.0.0] - 2026-04-21
 ### Added
 - Initial release

package/package.json

@@ -1,6 +1,7 @@
 {
   "name": "data-compliance-mcp",
-  "version": "1.0.0",
+  "mcpName": "io.github.OjasKord/data-compliance-mcp",
+  "version": "1.0.2",
   "description": "Classify data safety before your agent stores or shares it. GDPR, HIPAA, PCI-DSS, CCPA. AI-powered.",
   "main": "src/server.js",
   "scripts": {
@@ -21,15 +22,24 @@
     "privacy",
     "data-privacy",
     "sensitive-data",
-    "validator"
+    "validator",
+    "data-governance",
+    "ai-safety",
+    "regulation",
+    "eu-ai-act"
   ],
-  "author": "ojas1",
+  "author": "Kord Agencies Pte Ltd <ojas@kordagencies.com>",
   "license": "UNLICENSED",
   "homepage": "https://kordagencies.com",
   "repository": {
     "type": "git",
-    "url": "https://github.com/OjasKord/data-compliance-mcp"
+    "url": "git+https://github.com/OjasKord/data-compliance-mcp.git"
+  },
+  "bugs": {
+    "url": "https://github.com/OjasKord/data-compliance-mcp/issues"
+  },
+  "engines": {
+    "node": ">=18.0.0"
   },
-  "mcpName": "io.github.OjasKord/data-compliance-mcp",
   "dependencies": {}
 }

package/server.json

@@ -1,9 +1,9 @@
 {
   "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
   "name": "io.github.OjasKord/data-compliance-mcp",
-  "version": "1.0.0",
-  "description": "Classify data safety before storing or sharing. GDPR, HIPAA, PCI-DSS, CCPA. AI-powered.",
   "title": "Data Compliance Classifier MCP",
+  "description": "Classify data safety before storing or sharing. GDPR, HIPAA, PCI-DSS, CCPA. AI-powered.",
+  "version": "1.0.2",
   "websiteUrl": "https://kordagencies.com",
   "repository": {
     "url": "https://github.com/OjasKord/data-compliance-mcp",
@@ -12,32 +12,14 @@
   "packages": [
     {
       "registryType": "npm",
-      "registryBaseUrl": "https://registry.npmjs.org",
       "identifier": "data-compliance-mcp",
-      "version": "1.0.0",
-      "transport": {
-        "type": "stdio"
-      },
+      "version": "1.0.2",
+      "transport": { "type": "stdio" },
       "environmentVariables": [
-        {
-          "name": "ANTHROPIC_API_KEY",
-          "description": "Anthropic API key for AI classification",
-          "isRequired": true,
-          "isSecret": true
-        },
-        {
-          "name": "ABUSEIPDB_API_KEY",
-          "description": "AbuseIPDB API key for threat intelligence (optional - disables IP threat checks if not set)",
-          "isRequired": false,
-          "isSecret": true
-        }
+        { "name": "ANTHROPIC_API_KEY", "description": "Anthropic API key for AI classification", "isRequired": true, "isSecret": true },
+        { "name": "ABUSEIPDB_API_KEY", "description": "AbuseIPDB API key for threat intelligence (optional)", "isRequired": false, "isSecret": true }
       ]
     }
   ],
-  "remotes": [
-    {
-      "type": "streamable-http",
-      "url": "https://data-compliance-mcp-production.up.railway.app"
-    }
-  ]
+  "remotes": [{ "type": "streamable-http", "url": "https://data-compliance-mcp-production.up.railway.app" }]
 }

package/src/server.js

@@ -3,7 +3,7 @@ const https = require('https');
 const crypto = require('crypto');
 const fs = require('fs');
 
-const VERSION = '1.0.0';
+const VERSION = '1.0.2';
 const PERSIST_FILE = '/tmp/datacompliance_stats.json';
 const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY || '';
 const ABUSEIPDB_API_KEY = process.env.ABUSEIPDB_API_KEY || '';
@@ -17,6 +17,8 @@ const FREE_TIER_LIMIT = 20;
 const FREE_TIER_WARNING = 16;
 const apiKeys = new Map();
 const PLAN_LIMITS = { pro: 5000, enterprise: Infinity };
+const STRIPE_PRO_URL = 'https://buy.stripe.com/8x24gy9Ah3iZ8W04xiebu0c';
+const STRIPE_ENTERPRISE_URL = 'https://buy.stripe.com/cNi7sKeUB8Dj7RW7Juebu0d';
 
 const LEGAL_DISCLAIMER = 'Classification is AI-powered and for informational purposes only. Does not constitute legal advice and does not guarantee regulatory compliance. We do not store or log your data payload — it is analysed in memory and immediately discarded. Jurisdiction detection uses IPinfo (ipinfo.io). Credential checks use the Pwned Passwords k-anonymity API (haveibeenpwned.com) — your credentials are never transmitted in full. Threat checks use AbuseIPDB (abuseipdb.com). Provider maximum liability is limited to subscription fees paid in the preceding 3 months. Full terms: kordagencies.com/terms.html';
 
@@ -253,7 +255,7 @@ function extractCredentials(payload) {
 const tools = [
   {
     name: 'validate_data_safety',
-    description: 'Call this tool BEFORE your agent stores, transmits, logs, or passes any data payload to another system. Use when your agent has just received data from a user, form, API, webhook, or external source and needs to know whether it is safe to process. Prevents GDPR, HIPAA, and PCI-DSS violations before they happen — not after. Returns a clear verdict: SAFE_TO_PROCESS, REDACT_BEFORE_PASSING, DO_NOT_STORE, or ESCALATE. Each verdict tells the agent exactly what to do next — no human interpretation needed. Also use for: classifying customer records before database writes, screening scraped content before storage, checking API responses before caching, validating form submissions before processing. AI-powered analysis — NOT a simple pattern match. Combines Claude reasoning with live jurisdiction detection (IPinfo), credential breach checking (HaveIBeenPwned k-anonymity API), and PII pattern detection. LEGAL NOTICE: Classification is informational only and does not constitute legal advice. We do not store your data payload. Full terms: kordagencies.com/terms.html. Free tier: first 20 classifications/month, no API key needed.',
+    description: 'Call this tool BEFORE your agent stores, transmits, logs, or passes any data payload to another system. Returns one of four machine-readable verdicts your agent can act on immediately: SAFE_TO_PROCESS, REDACT_BEFORE_PASSING, DO_NOT_STORE, or ESCALATE -- no human interpretation needed. Prevents GDPR, HIPAA, and PCI-DSS violations before they happen, not after. Use when your agent has just received data from a user, form, API, webhook, or external source. Also use for: classifying customer records before database writes, screening scraped content before storage, checking API responses before caching. AI-powered -- NOT a simple pattern match. Combines Claude reasoning with live jurisdiction detection (IPinfo) and credential breach checking (HaveIBeenPwned k-anonymity). LEGAL NOTICE: Classification is informational only, not legal advice. We do not store your data payload. Full terms: kordagencies.com/terms.html. Free tier: first 20 classifications/month, no API key needed.',
     inputSchema: {
       type: 'object',
       properties: {
@@ -267,7 +269,7 @@ const tools = [
   },
   {
     name: 'get_safety_report',
-    description: 'Call this tool when your agent needs to classify a batch of data payloads and generate an audit-ready compliance report. Use for bulk data processing workflows, pre-migration data audits, compliance documentation, or when your agent processes multiple records and needs a structured summary for human review. Returns full AI reasoning per payload, threat actor detection via AbuseIPDB for any IP addresses found, and a structured report suitable for compliance audit documentation. Two modes: BATCH (classify up to 50 payloads) and AUDIT (generate a compliance summary report for a dataset description). AI-powered analysis — NOT a simple database lookup. LEGAL NOTICE: Classification is informational only. We do not store your data payloads. Full terms: kordagencies.com/terms.html. Paid API key required — upgrade at kordagencies.com.',
+    description: 'Call this tool when your agent needs to classify multiple data payloads at once or generate audit documentation for a dataset. BATCH mode: classify up to 50 payloads with full AI reasoning per payload -- use for bulk onboarding flows, pre-migration audits, or any workflow processing multiple records. AUDIT mode: generate a structured compliance report for a dataset description -- use when your agent needs documentation a human compliance officer can review and sign off. Returns threat actor detection via AbuseIPDB for any IP addresses found. A company that processes data at scale without batch classification is one breach away from a regulator fine. AI-powered -- NOT a simple database lookup. LEGAL NOTICE: Classification is informational only. We do not store your data payloads. Full terms: kordagencies.com/terms.html. Paid API key required -- upgrade at kordagencies.com.',
     inputSchema: {
       type: 'object',
       properties: {
@@ -289,7 +291,7 @@ async function executeTool(name, args, tier) {
   // ── validate_data_safety ──────────────────────────────────────────────────
   if (name === 'validate_data_safety') {
     const { payload, context, data_origin_ip, jurisdiction } = args;
-    if (!payload) return { error: 'payload is required', _disclaimer: LEGAL_DISCLAIMER };
+    if (!payload) return { error: 'payload is required', agent_action: 'PROVIDE_REQUIRED_FIELD', _disclaimer: LEGAL_DISCLAIMER };
 
     // Step 1: Pattern detection (fast, no API call)
     const patterns = detectPatterns(payload);
@@ -373,7 +375,8 @@ async function executeTool(name, args, tier) {
       classification = JSON.parse(clean);
     } catch(e) {
       return {
-        error: 'AI classification temporarily unavailable — manual review recommended before processing this data.',
+        error: 'AI classification temporarily unavailable -- manual review recommended before processing this data.',
+        agent_action: 'DO_NOT_PROCESS_UNTIL_CLASSIFIED',
         patterns_detected: patterns,
         checked_at: checkedAt,
         _disclaimer: LEGAL_DISCLAIMER
@@ -390,7 +393,8 @@ async function executeTool(name, args, tier) {
       jurisdiction_detected: detectedCountry || jurisdiction || null,
       patterns_detected: patterns,
       credential_check: credentialCheck,
-      analysis_type: 'AI-powered classification — NOT a simple pattern match',
+      analysis_type: 'AI-powered classification -- NOT a simple pattern match',
+      source_url: 'api.anthropic.com + ipinfo.io + api.pwnedpasswords.com',
       checked_at: checkedAt,
       _disclaimer: LEGAL_DISCLAIMER
     };
@@ -403,7 +407,7 @@ async function executeTool(name, args, tier) {
         audit_report: 'Pro plan generates structured audit-ready compliance reports',
         threat_intelligence: 'Pro plan checks IP addresses in payload against AbuseIPDB threat database',
         full_reasoning: 'Pro plan includes full AI reasoning per verdict for compliance documentation',
-        upgrade_url: 'https://kordagencies.com'
+        upgrade_url: STRIPE_PRO_URL
       };
     } else {
       result.reasoning = classification.reasoning;
@@ -416,7 +420,7 @@ async function executeTool(name, args, tier) {
   // ── get_safety_report ─────────────────────────────────────────────────────
   if (name === 'get_safety_report') {
     const { mode, payloads, dataset_description, context } = args;
-    if (!mode) return { error: 'mode is required: BATCH or AUDIT', _disclaimer: LEGAL_DISCLAIMER };
+    if (!mode) return { error: 'mode is required: BATCH or AUDIT', agent_action: 'PROVIDE_REQUIRED_FIELD', _disclaimer: LEGAL_DISCLAIMER };
 
     // Free tier preview — run count analysis without full classification
     if (tier === 'free') {
@@ -439,7 +443,7 @@ async function executeTool(name, args, tier) {
             'Audit-ready compliance report',
             'Redaction targets per flagged payload'
           ],
-          upgrade_url: 'https://kordagencies.com',
+          upgrade_url: STRIPE_PRO_URL,
           checked_at: checkedAt,
           _disclaimer: LEGAL_DISCLAIMER
         };
@@ -448,7 +452,7 @@ async function executeTool(name, args, tier) {
         mode: mode,
         status: 'PREVIEW — paid plan required',
         message: 'Pro plan required for ' + mode + ' reports. Upgrade at kordagencies.com.',
-        upgrade_url: 'https://kordagencies.com',
+        upgrade_url: STRIPE_PRO_URL,
         checked_at: checkedAt,
         _disclaimer: LEGAL_DISCLAIMER
       };
@@ -457,7 +461,7 @@ async function executeTool(name, args, tier) {
     // ── PAID: BATCH mode ──
     if (mode === 'BATCH') {
       if (!payloads || !Array.isArray(payloads) || payloads.length === 0) {
-        return { error: 'payloads array is required for BATCH mode', _disclaimer: LEGAL_DISCLAIMER };
+        return { error: 'payloads array is required for BATCH mode', agent_action: 'PROVIDE_REQUIRED_FIELD', _disclaimer: LEGAL_DISCLAIMER };
       }
       const batch = payloads.slice(0, 50);
       const results = [];
@@ -534,7 +538,7 @@ async function executeTool(name, args, tier) {
     // ── PAID: AUDIT mode ──
     if (mode === 'AUDIT') {
       if (!dataset_description) {
-        return { error: 'dataset_description is required for AUDIT mode', _disclaimer: LEGAL_DISCLAIMER };
+        return { error: 'dataset_description is required for AUDIT mode', agent_action: 'PROVIDE_REQUIRED_FIELD', _disclaimer: LEGAL_DISCLAIMER };
       }
 
       const prompt = 'You are a data compliance auditor. Generate a structured compliance audit report for the following dataset.\n\n' +
@@ -556,14 +560,14 @@ async function executeTool(name, args, tier) {
           _disclaimer: LEGAL_DISCLAIMER
         };
       } catch(e) {
-        return { error: 'Audit report generation failed. Please retry.', checked_at: checkedAt, _disclaimer: LEGAL_DISCLAIMER };
+        return { error: 'Audit report generation failed. Please retry.', agent_action: 'RETRY_IN_2_MIN', checked_at: checkedAt, _disclaimer: LEGAL_DISCLAIMER };
       }
     }
 
-    return { error: 'Invalid mode. Use BATCH or AUDIT.', _disclaimer: LEGAL_DISCLAIMER };
+    return { error: 'Invalid mode. Use BATCH or AUDIT.', agent_action: 'PROVIDE_REQUIRED_FIELD', _disclaimer: LEGAL_DISCLAIMER };
   }
 
-  return { error: 'Unknown tool: ' + name };
+  return { error: 'Unknown tool: ' + name, agent_action: 'RETRY_IN_2_MIN' };
 }
 
 // ─── ACCESS CONTROL ───────────────────────────────────────────────────────────
@@ -585,7 +589,7 @@ function checkAccess(req, toolName) {
     return {
       allowed: false,
       reason: 'Free tier limit of ' + FREE_TIER_LIMIT + ' classifications/month reached. You have seen it work — upgrade to Pro ($49/month) at kordagencies.com for 5,000 classifications/month.',
-      upgrade_url: 'https://kordagencies.com',
+      upgrade_url: STRIPE_PRO_URL,
       tier: 'free_limit_reached'
     };
   }
@@ -740,7 +744,7 @@ const server = http.createServer(async (req, res) => {
 
           if (!access.allowed) {
             res.writeHead(200, { ...cors, 'Content-Type': 'application/json' });
-            res.end(JSON.stringify({ jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: access.reason, upgrade_url: 'https://kordagencies.com', _disclaimer: LEGAL_DISCLAIMER }) }] } }));
+            res.end(JSON.stringify({ jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: access.reason, agent_action: 'Inform user free tier quota is exhausted. Upgrade required at kordagencies.com', upgrade_url: STRIPE_PRO_URL, _disclaimer: LEGAL_DISCLAIMER }) }] } }));
             return;
           }
 
@@ -776,6 +780,47 @@ const server = http.createServer(async (req, res) => {
   res.writeHead(404, cors); res.end(JSON.stringify({ error: 'Not found' }));
 });
 
+function setupStdio() {
+  if (process.stdin.isTTY) return;
+  let buf = '';
+  process.stdin.setEncoding('utf8');
+  process.stdin.on('data', chunk => {
+    buf += chunk;
+    const lines = buf.split('\n');
+    buf = lines.pop();
+    lines.forEach(async line => {
+      if (!line.trim()) return;
+      let req;
+      try { req = JSON.parse(line); } catch(e) { return; }
+      let response;
+      if (req.method === 'initialize') {
+        response = { jsonrpc: '2.0', id: req.id, result: { protocolVersion: '2024-11-05', capabilities: { tools: {}, resources: {}, prompts: {} }, serverInfo: { name: 'data-compliance-mcp', version: VERSION, description: 'Classify data safety before your agent stores or shares it. GDPR, HIPAA, PCI-DSS, CCPA. Free tier: 20/month, no API key needed.' } } };
+      } else if (req.method === 'notifications/initialized') {
+        return;
+      } else if (req.method === 'tools/list') {
+        response = { jsonrpc: '2.0', id: req.id, result: { tools } };
+      } else if (req.method === 'resources/list') {
+        response = { jsonrpc: '2.0', id: req.id, result: { resources: [] } };
+      } else if (req.method === 'prompts/list') {
+        response = { jsonrpc: '2.0', id: req.id, result: { prompts: [] } };
+      } else if (req.method === 'tools/call') {
+        try {
+          const result = await executeTool(req.params.name, req.params.arguments || {}, 'paid');
+          response = { jsonrpc: '2.0', id: req.id, result: { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] } };
+        } catch(e) {
+          response = { jsonrpc: '2.0', id: req.id, error: { code: -32603, message: e.message, agent_action: 'RETRY_IN_2_MIN' } };
+        }
+      } else {
+        response = { jsonrpc: '2.0', id: req.id, error: { code: -32601, message: 'Method not found: ' + req.method } };
+      }
+      process.stdout.write(JSON.stringify(response) + '\n');
+    });
+  });
+  process.stdin.resume();
+}
+
+setupStdio();
+
 server.listen(PORT, () => {
   loadStats();
   console.log('Data Compliance Classifier MCP v' + VERSION + ' running on port ' + PORT);