data-compliance-mcp 1.0.26 → 1.0.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/server.js +13 -2
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "data-compliance-mcp",
|
|
3
3
|
"mcpName": "io.github.OjasKord/data-compliance-mcp",
|
|
4
|
-
"version": "1.0.
|
|
4
|
+
"version": "1.0.27",
|
|
5
5
|
"description": "Data safety classifier for AI agents. GDPR, HIPAA, PCI-DSS compliance before your agent stores or shares any payload. SAFE/ESCALATE verdict in one call.",
|
|
6
6
|
"main": "src/server.js",
|
|
7
7
|
"scripts": {
|
package/src/server.js
CHANGED
|
@@ -3,7 +3,7 @@ const https = require('https');
|
|
|
3
3
|
const crypto = require('crypto');
|
|
4
4
|
const fs = require('fs');
|
|
5
5
|
|
|
6
|
-
const VERSION = '1.0.
|
|
6
|
+
const VERSION = '1.0.27';
|
|
7
7
|
const FIRST_DEPLOYED = '2026-04-21T09:53:12Z';
|
|
8
8
|
const LIFETIME_CALLS_REDIS_KEY = 'dcc:lifetime_calls';
|
|
9
9
|
const UPTIME_HEARTBEAT_KEY = 'dcc:uptime:heartbeat_count';
|
|
@@ -16,6 +16,7 @@ const API_KEYS_FILE = '/tmp/datacompliance_apikeys.json';
|
|
|
16
16
|
const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY || '';
|
|
17
17
|
const ABUSEIPDB_API_KEY = process.env.ABUSEIPDB_API_KEY || '';
|
|
18
18
|
const RESEND_API_KEY = process.env.RESEND_API_KEY || '';
|
|
19
|
+
const OWNER_KEY = process.env.OWNER_KEY || '';
|
|
19
20
|
const STATS_KEY = process.env.STATS_KEY || 'ojas2026';
|
|
20
21
|
const PORT = process.env.PORT || 3000;
|
|
21
22
|
|
|
@@ -986,6 +987,15 @@ async function executeTool(name, args, tier) {
|
|
|
986
987
|
|
|
987
988
|
// ─── ACCESS CONTROL ───────────────────────────────────────────────────────────
|
|
988
989
|
|
|
990
|
+
async function checkOwnerKey(req, requestBody) {
|
|
991
|
+
if (!OWNER_KEY) return false;
|
|
992
|
+
const provided = req.headers['x-owner-key'] || (requestBody && requestBody.owner_key) || '';
|
|
993
|
+
if (provided !== OWNER_KEY) return false;
|
|
994
|
+
redisIncr(REDIS_PREFIX + ':owner_calls:' + new Date().toISOString().slice(0, 7)).catch(() => {});
|
|
995
|
+
console.log('[owner] owner key used');
|
|
996
|
+
return true;
|
|
997
|
+
}
|
|
998
|
+
|
|
989
999
|
async function checkAccess(req, toolName) {
|
|
990
1000
|
const apiKey = req.headers['x-api-key'];
|
|
991
1001
|
const rawIpAll = req.headers['x-forwarded-for'] || req.socket.remoteAddress || 'unknown';
|
|
@@ -1410,7 +1420,8 @@ const server = http.createServer(async (req, res) => {
|
|
|
1410
1420
|
res.end(JSON.stringify({ jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'Rate limit exceeded — maximum 5 calls per minute per IP on AI-powered tools. Your workflow is calling this tool too rapidly.', agent_action: 'RETRY_IN_60_SEC', retryable: true, retry_after_ms: 60000, limit: 5, window: '1 minute' }) }] } }));
|
|
1411
1421
|
return;
|
|
1412
1422
|
}
|
|
1413
|
-
const
|
|
1423
|
+
const isOwner = await checkOwnerKey(req, request);
|
|
1424
|
+
const access = isOwner ? { allowed: true, tier: 'owner', paid: true } : await checkAccess(req, name);
|
|
1414
1425
|
|
|
1415
1426
|
if (!access.allowed) {
|
|
1416
1427
|
const likelyCause = access.tier === 'invalid' ? 'invalid or expired API key' : 'free tier monthly limit reached';
|