data-compliance-mcp 1.0.18 → 1.0.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +3 -0
- package/README.md +2 -0
- package/package.json +1 -1
- package/smithery.yaml +1 -1
- package/src/server.js +4 -4
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [1.0.19] - 2026-06-16
|
|
4
|
+
- feat: ATO optimisation — purpose verb, usage context, required fields, ToolRank badge
|
|
5
|
+
|
|
3
6
|
## [1.0.18] - 2026-06-15
|
|
4
7
|
- feat: add hold_reason, retry_after, escalation_path to REDACT_BEFORE_PASSING, DO_NOT_STORE, ESCALATE responses in validate_data_safety
|
|
5
8
|
|
package/README.md
CHANGED
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "data-compliance-mcp",
|
|
3
3
|
"mcpName": "io.github.OjasKord/data-compliance-mcp",
|
|
4
|
-
"version": "1.0.
|
|
4
|
+
"version": "1.0.19",
|
|
5
5
|
"description": "Data safety classifier for AI agents. GDPR, HIPAA, PCI-DSS compliance before your agent stores or shares any payload. SAFE/ESCALATE verdict in one call.",
|
|
6
6
|
"main": "src/server.js",
|
|
7
7
|
"scripts": {
|
package/smithery.yaml
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
name: Data Compliance Classifier MCP
|
|
2
|
-
description: "Before passing any user data to an external API, database, or third-party service, call validate_data_safety. Returns SAFE/ESCALATE verdict with applicable regulations."
|
|
2
|
+
description: "Before passing any user data to an external API, database, or third-party service, call validate_data_safety. Returns SAFE/ESCALATE verdict with applicable regulations. 2 focused tools. Compact schema. Minimal agent context overhead."
|
|
3
3
|
categories:
|
|
4
4
|
- Compliance
|
|
5
5
|
- Security
|
package/src/server.js
CHANGED
|
@@ -3,7 +3,7 @@ const https = require('https');
|
|
|
3
3
|
const crypto = require('crypto');
|
|
4
4
|
const fs = require('fs');
|
|
5
5
|
|
|
6
|
-
const VERSION = '1.0.
|
|
6
|
+
const VERSION = '1.0.19';
|
|
7
7
|
const PERSIST_FILE = '/tmp/datacompliance_stats.json';
|
|
8
8
|
const API_KEYS_FILE = '/tmp/datacompliance_apikeys.json';
|
|
9
9
|
const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY || '';
|
|
@@ -408,7 +408,7 @@ const tools = [
|
|
|
408
408
|
{
|
|
409
409
|
name: 'validate_data_safety',
|
|
410
410
|
idempotent: true,
|
|
411
|
-
description: 'Call this BEFORE your agent passes any assembled payload to an external API, writes it to a database, or transmits it via any third-party service -- at the moment the payload is assembled and no external call has been made, including any Stripe MPP, Alipay AI Pay, Shopify UCP, or third-party API call. Returns SAFE_TO_PROCESS / REDACT_BEFORE_PASSING / DO_NOT_STORE / ESCALATE verdict against GDPR, HIPAA, PCI-DSS, CCPA, and 7 other frameworks. Unclassified sensitive data transmitted to an external endpoint creates unrecoverable regulatory exposure with no notification path. Call get_safety_report next if verdict is not SAFE_TO_PROCESS. Returns machine-ready verdict, no further analysis needed.',
|
|
411
|
+
description: 'Validates a data payload against GDPR, HIPAA, PCI-DSS, and other frameworks. Call this BEFORE your agent passes any assembled payload to an external API, writes it to a database, or transmits it via any third-party service -- at the moment the payload is assembled and no external call has been made, including any Stripe MPP, Alipay AI Pay, Shopify UCP, or third-party API call. Use this when your agent has assembled user-sourced or API-response data and is about to write it to storage or transmit it to an external service. Returns SAFE_TO_PROCESS / REDACT_BEFORE_PASSING / DO_NOT_STORE / ESCALATE verdict against GDPR, HIPAA, PCI-DSS, CCPA, and 7 other frameworks. Unclassified sensitive data transmitted to an external endpoint creates unrecoverable regulatory exposure with no notification path. Call get_safety_report next if verdict is not SAFE_TO_PROCESS. Returns machine-ready verdict, no further analysis needed.',
|
|
412
412
|
inputSchema: {
|
|
413
413
|
type: 'object',
|
|
414
414
|
properties: {
|
|
@@ -423,7 +423,7 @@ const tools = [
|
|
|
423
423
|
{
|
|
424
424
|
name: 'get_safety_report',
|
|
425
425
|
idempotent: true,
|
|
426
|
-
description: 'Call this BEFORE your agent decides whether to proceed, redact, or halt -- immediately after validate_data_safety returns REDACT_BEFORE_PASSING, DO_NOT_STORE, or ESCALATE. Returns the specific regulation triggered, exact fields that are problematic, redaction strategy, and a compliant reformulation your agent can transmit instead. Do not proceed with the original payload after a non-SAFE verdict without running this tool first.',
|
|
426
|
+
description: 'Retrieves a detailed compliance report and remediation strategy for a flagged payload. Call this BEFORE your agent decides whether to proceed, redact, or halt -- immediately after validate_data_safety returns REDACT_BEFORE_PASSING, DO_NOT_STORE, or ESCALATE. Use this when validate_data_safety has returned a non-SAFE verdict and your agent needs the specific regulation triggered, the problematic fields, and a compliant reformulation before acting. Returns the specific regulation triggered, exact fields that are problematic, redaction strategy, and a compliant reformulation your agent can transmit instead. Do not proceed with the original payload after a non-SAFE verdict without running this tool first.',
|
|
427
427
|
inputSchema: {
|
|
428
428
|
type: 'object',
|
|
429
429
|
properties: {
|
|
@@ -440,7 +440,7 @@ const tools = [
|
|
|
440
440
|
{
|
|
441
441
|
name: 'validate_data_safety_lite',
|
|
442
442
|
idempotent: true,
|
|
443
|
-
description: 'Call this BEFORE pre-screening high-volume payloads when pattern detection is sufficient and AI classification is not required. Returns SAFE_TO_PROCESS / REVIEW_REQUIRED in under 100ms -- no AI, no IP check, no jurisdiction lookup. Use to filter large batches before selectively running validate_data_safety on flagged payloads. Do not use as a substitute for validate_data_safety before storing or transmitting data in regulated environments.',
|
|
443
|
+
description: 'Validates a payload for sensitive patterns without AI classification. Call this BEFORE pre-screening high-volume payloads when pattern detection is sufficient and AI classification is not required. Use this when your agent is processing a large volume of payloads in batch and needs a fast pattern-only filter before selectively invoking full AI classification on flagged items. Returns SAFE_TO_PROCESS / REVIEW_REQUIRED in under 100ms -- no AI, no IP check, no jurisdiction lookup. Use to filter large batches before selectively running validate_data_safety on flagged payloads. Do not use as a substitute for validate_data_safety before storing or transmitting data in regulated environments.',
|
|
444
444
|
inputSchema: {
|
|
445
445
|
type: 'object',
|
|
446
446
|
properties: {
|