data-compliance-mcp 1.0.18 → 1.0.20
- package/CHANGELOG.md +6 -0
- package/README.md +2 -0
- package/package.json +1 -1
- package/server.json +42 -25
- package/smithery.yaml +1 -1
- package/src/server.js +10 -4
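--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## [1.0.20] - 2026-06-17
+- fix: Stripe webhook now validates payment_link ID — ignores events not belonging to this server
+
+## [1.0.19] - 2026-06-16
+- feat: ATO optimisation — purpose verb, usage context, required fields, ToolRank badge
+
 ## [1.0.18] - 2026-06-15
 - feat: add hold_reason, retry_after, escalation_path to REDACT_BEFORE_PASSING, DO_NOT_STORE, ESCALATE responses in validate_data_safety
 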
package/README.md
CHANGED
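--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "data-compliance-mcp",
 "mcpName": "io.github.OjasKord/data-compliance-mcp",
-"version": "1.0.
+"version": "1.0.20",
 "description": "Data safety classifier for AI agents. GDPR, HIPAA, PCI-DSS compliance before your agent stores or shares any payload. SAFE/ESCALATE verdict in one call.",
 "main": "src/server.js",
 "scripts": {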
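--- a/package/server.json
+++ b/package/server.json
@@ -1,25 +1,42 @@
-{
-"$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
-"name": "io.github.OjasKord/data-compliance-mcp",
-"title": "Data Compliance Classifier MCP",
-"description": "Classify data safety before storing or sharing. GDPR, HIPAA, PCI-DSS, CCPA. AI-powered.",
-"version": "1.0.
-"websiteUrl": "https://kordagencies.com",
-"repository": {
-"url": "https://github.com/OjasKord/data-compliance-mcp",
-"source": "github"
-},
-"packages": [
-{
-"registryType": "npm",
-"identifier": "data-compliance-mcp",
-"version": "1.0.
-"transport": {
-
-
-
-
-
-
-
-
+{
+"$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
+"name": "io.github.OjasKord/data-compliance-mcp",
+"title": "Data Compliance Classifier MCP",
+"description": "Classify data safety before storing or sharing. GDPR, HIPAA, PCI-DSS, CCPA. AI-powered.",
+"version": "1.0.19",
+"websiteUrl": "https://kordagencies.com",
+"repository": {
+"url": "https://github.com/OjasKord/data-compliance-mcp",
+"source": "github"
+},
+"packages": [
+{
+"registryType": "npm",
+"identifier": "data-compliance-mcp",
+"version": "1.0.19",
+"transport": {
+"type": "stdio"
+},
+"environmentVariables": [
+{
+"name": "ANTHROPIC_API_KEY",
+"description": "Anthropic API key for AI classification",
+"isRequired": true,
+"isSecret": true
+},
+{
+"name": "ABUSEIPDB_API_KEY",
+"description": "AbuseIPDB API key for threat intelligence (optional)",
+"isRequired": false,
+"isSecret": true
+}
+]
+}
+],
+"remotes": [
+{
+"type": "streamable-http",
+"url": "https://data-compliance-mcp-production.up.railway.app"
+}
+]
+}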
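Review bot: Both `version` fields on the new side of server.json (top level and inside `packages`) read `1.0.19`, while package.json and the `VERSION` constant in src/server.js in this same release read `1.0.20`. A client that resolves the npm package from this manifest would presumably pin 1.0.19, which per the changelog predates the Stripe webhook payment-link check; both fields should read `"version": "1.0.20",`. The added `remotes` entry also advertises a hosted `streamable-http` endpoint, so payloads submitted for classification through it leave the caller's machine; the manifest description or README should state who operates that endpoint and what it retains.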
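--- a/package/smithery.yaml
+++ b/package/smithery.yaml
@@ -1,5 +1,5 @@
 name: Data Compliance Classifier MCP
-description: "Before passing any user data to an external API, database, or third-party service, call validate_data_safety. Returns SAFE/ESCALATE verdict with applicable regulations."
+description: "Before passing any user data to an external API, database, or third-party service, call validate_data_safety. Returns SAFE/ESCALATE verdict with applicable regulations. 2 focused tools. Compact schema. Minimal agent context overhead."
 categories:
 - Compliance
 - Security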
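--- a/package/src/server.js
+++ b/package/src/server.js
@@ -3,7 +3,7 @@ const https = require('https');
 const crypto = require('crypto');
 const fs = require('fs');
 
-const VERSION = '1.0.
+const VERSION = '1.0.20';
 const PERSIST_FILE = '/tmp/datacompliance_stats.json';
 const API_KEYS_FILE = '/tmp/datacompliance_apikeys.json';
 const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY || '';
@@ -41,6 +41,7 @@ function checkPerMinuteLimit(ip, toolName, limit) {
 const STRIPE_PRO_URL = 'https://buy.stripe.com/cNidR87s9dXD0pue7Sebu0r';
 const ENTERPRISE_UPGRADE_URL = 'https://buy.stripe.com/9B6bJ0aElbPv7RW9RCebu0s';
 const STRIPE_ENTERPRISE_URL = 'https://buy.stripe.com/cNi7sKeUB8Dj7RW7Juebu0d';
+const ALLOWED_PAYMENT_LINK_IDS = ['plink_1TQzEjD6WvRe6sn35lz6hsVZ', 'plink_1TQzGlD6WvRe6sn3o85eJaLV', 'plink_1TObMjD6WvRe6sn3jOhhQVLR'];
 
 const REDIS_PREFIX = 'dcc';
 const FREE_TIER_REDIS_KEY = 'dcc:free_tier_usage';
@@ -408,7 +409,7 @@ const tools = [
 {
 name: 'validate_data_safety',
 idempotent: true,
-description: 'Call this BEFORE your agent passes any assembled payload to an external API, writes it to a database, or transmits it via any third-party service -- at the moment the payload is assembled and no external call has been made, including any Stripe MPP, Alipay AI Pay, Shopify UCP, or third-party API call. Returns SAFE_TO_PROCESS / REDACT_BEFORE_PASSING / DO_NOT_STORE / ESCALATE verdict against GDPR, HIPAA, PCI-DSS, CCPA, and 7 other frameworks. Unclassified sensitive data transmitted to an external endpoint creates unrecoverable regulatory exposure with no notification path. Call get_safety_report next if verdict is not SAFE_TO_PROCESS. Returns machine-ready verdict, no further analysis needed.',
+description: 'Validates a data payload against GDPR, HIPAA, PCI-DSS, and other frameworks. Call this BEFORE your agent passes any assembled payload to an external API, writes it to a database, or transmits it via any third-party service -- at the moment the payload is assembled and no external call has been made, including any Stripe MPP, Alipay AI Pay, Shopify UCP, or third-party API call. Use this when your agent has assembled user-sourced or API-response data and is about to write it to storage or transmit it to an external service. Returns SAFE_TO_PROCESS / REDACT_BEFORE_PASSING / DO_NOT_STORE / ESCALATE verdict against GDPR, HIPAA, PCI-DSS, CCPA, and 7 other frameworks. Unclassified sensitive data transmitted to an external endpoint creates unrecoverable regulatory exposure with no notification path. Call get_safety_report next if verdict is not SAFE_TO_PROCESS. Returns machine-ready verdict, no further analysis needed.',
 inputSchema: {
 type: 'object',
 properties: {
@@ -423,7 +424,7 @@ const tools = [
 {
 name: 'get_safety_report',
 idempotent: true,
-description: 'Call this BEFORE your agent decides whether to proceed, redact, or halt -- immediately after validate_data_safety returns REDACT_BEFORE_PASSING, DO_NOT_STORE, or ESCALATE. Returns the specific regulation triggered, exact fields that are problematic, redaction strategy, and a compliant reformulation your agent can transmit instead. Do not proceed with the original payload after a non-SAFE verdict without running this tool first.',
+description: 'Retrieves a detailed compliance report and remediation strategy for a flagged payload. Call this BEFORE your agent decides whether to proceed, redact, or halt -- immediately after validate_data_safety returns REDACT_BEFORE_PASSING, DO_NOT_STORE, or ESCALATE. Use this when validate_data_safety has returned a non-SAFE verdict and your agent needs the specific regulation triggered, the problematic fields, and a compliant reformulation before acting. Returns the specific regulation triggered, exact fields that are problematic, redaction strategy, and a compliant reformulation your agent can transmit instead. Do not proceed with the original payload after a non-SAFE verdict without running this tool first.',
 inputSchema: {
 type: 'object',
 properties: {
@@ -440,7 +441,7 @@ const tools = [
 {
 name: 'validate_data_safety_lite',
 idempotent: true,
-description: 'Call this BEFORE pre-screening high-volume payloads when pattern detection is sufficient and AI classification is not required. Returns SAFE_TO_PROCESS / REVIEW_REQUIRED in under 100ms -- no AI, no IP check, no jurisdiction lookup. Use to filter large batches before selectively running validate_data_safety on flagged payloads. Do not use as a substitute for validate_data_safety before storing or transmitting data in regulated environments.',
+description: 'Validates a payload for sensitive patterns without AI classification. Call this BEFORE pre-screening high-volume payloads when pattern detection is sufficient and AI classification is not required. Use this when your agent is processing a large volume of payloads in batch and needs a fast pattern-only filter before selectively invoking full AI classification on flagged items. Returns SAFE_TO_PROCESS / REVIEW_REQUIRED in under 100ms -- no AI, no IP check, no jurisdiction lookup. Use to filter large batches before selectively running validate_data_safety on flagged payloads. Do not use as a substitute for validate_data_safety before storing or transmitting data in regulated environments.',
 inputSchema: {
 type: 'object',
 properties: {
@@ -920,6 +921,11 @@ async function handleStripeWebhook(body, sig) {
 const event = JSON.parse(body);
 if (event.type === 'checkout.session.completed') {
 const session = event.data.object;
+const paymentLinkId = session.payment_link;
+if (paymentLinkId && !ALLOWED_PAYMENT_LINK_IDS.includes(paymentLinkId)) {
+console.log('[data-compliance] Webhook received but payment link ' + paymentLinkId + ' not for this server — ignoring.');
+return { received: true, ignored: true };
+}
 const email = session.customer_email || session.customer_details?.email;
 const plan = getPlanFromProduct(session.metadata?.product_name || '');
 if (email) {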
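Review bot: The payment-link allowlist added to handleStripeWebhook fails open when `session.payment_link` is null or absent, because `if (paymentLinkId && !ALLOWED_PAYMENT_LINK_IDS.includes(paymentLinkId))` only rejects a non-empty, unlisted ID; a `checkout.session.completed` event without a link still reaches the email and plan handling below. If every legitimate purchase arrives through one of the three listed links, the guard should be `if (!ALLOWED_PAYMENT_LINK_IDS.includes(paymentLinkId)) {`, and if some sessions are intentionally created without a link, that exception needs a comment saying so. The check is only meaningful once the `sig` signature has been verified against the raw body, which is not visible here since the function starts and ends outside the hunk. The log line also concatenates the event-supplied ID into the message; passing it through `JSON.stringify(paymentLinkId)` would keep control characters out of the log.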