url-safety-validator-mcp 1.2.10 → 1.2.14

package/CHANGELOG.md

@@ -2,6 +2,18 @@
 
 All notable changes to URL Safety Validator MCP are documented here.
 
+## [1.2.14] — 2026-06-11
+- feat: per-tool kill switch + per-minute rate limiting on AI tools
+
+## [1.2.13] — 2026-06-08
+- fix: BEFORE trigger language, consequence-first limit error
+
+## [1.2.12] — 2026-06-05
+- feat: Smithery optimisation - updated package.json description/keywords and smithery.yaml with system prompt
+
+## [1.2.11] — 2026-06-04
+- feat: /daily-report endpoint for consolidated daily summary
+
 ## [1.2.10] — 2026-06-04
 
 ### Added

package/package.json

@@ -1,31 +1,24 @@
 {
   "name": "url-safety-validator-mcp",
   "mcpName": "io.github.OjasKord/url-safety-validator-mcp",
-  "version": "1.2.10",
-  "description": "AI-powered URL safety validator MCP server. SAFE/SUSPICIOUS/DANGEROUS verdict for agents.",
+  "version": "1.2.14",
+  "description": "URL safety checker for AI agents. Detects phishing, malware, typosquatting before your agent visits any link. BLOCK/ALLOW verdict in one call.",
   "main": "src/server.js",
   "scripts": {
     "start": "node src/server.js"
   },
   "keywords": [
     "mcp",
-    "agent",
-    "url",
-    "safety",
-    "validator",
+    "url-safety",
     "phishing",
     "malware",
-    "security",
-    "threat-intelligence",
     "web-risk",
-    "url-checker",
-    "link-safety",
-    "phishing-detection",
-    "google-web-risk",
     "safe-browsing",
-    "malware-detection",
-    "url-scanner",
-    "cybersecurity"
+    "cybersecurity",
+    "link-checker",
+    "threat-detection",
+    "url-validator",
+    "ai-agents"
   ],
   "author": "Kord Agencies Pte Ltd <ojas@kordagencies.com>",
   "license": "MIT",

package/smithery.yaml

@@ -1,4 +1,8 @@
-description: "URL safety checker for AI agents. Detects phishing and malware before your agent visits any link."
+name: URL Safety Validator MCP
+description: "Before your agent fetches, visits, or follows any URL from an untrusted source, call check_url. Returns BLOCK/ALLOW verdict with threat category and trust score."
+categories:
+  - Security
+  - Web
 startCommand:
   type: http
   url: https://url-safety-validator-mcp-production.up.railway.app
@@ -11,42 +15,4 @@ startCommand:
         x-from:
           header: "x-api-key"
     required: []
-systemPrompt: |
-  URL Safety Validator MCP is a link verification layer for AI agents.
-
-  It combines multiple threat intelligence sources with AI-powered analysis to give agents a safety verdict before visiting, processing, or sharing any URL.
-
-  ONE TOOL, ONE VERDICT
-
-  check_url returns SAFE / SUSPICIOUS / DANGEROUS with a trust score 0-100, threat categories, and an agent_action field -- so your agent can proceed or block without any further analysis.
-
-  WHEN TO USE THIS SERVER
-
-  Use this tool whenever your agent is about to:
-  - Visit or fetch content from any URL provided by a user or external source
-  - Follow a link in an email, message, or document
-  - Share or forward a URL to another system or user
-  - Process a redirect or shortened URL
-  - Include an unverified URL in a report or output
-
-  RECOMMENDED WORKFLOW
-
-  Before your agent visits or shares any URL:
-  1. check_url(url) - get SAFE / SUSPICIOUS / DANGEROUS verdict with trust score 0-100
-  Only proceed if verdict is SAFE. Block immediately if DANGEROUS. Flag for review if SUSPICIOUS.
-
-  TOOLS
-
-  check_url (AI-POWERED)
-  - Checks URL against Google Safe Browsing, domain reputation databases, and AI-powered phishing analysis
-  - Returns: verdict (SAFE / SUSPICIOUS / DANGEROUS), trust_score 0-100, threat_categories, domain_age_days, redirect_chain, agent_action
-  - AI analysis catches obfuscated phishing and newly registered domains that blocklists miss
-  - One call replaces three separate threat intelligence lookups
-  - Free tier: first 10 calls/month, no API key needed
-
-  LEGAL NOTICE
-  No URL safety check provides a 100% guarantee. Results are for informational purposes only. We do not log your query content. Full terms: kordagencies.com/terms.html
-
-  FREE TIER
-  10 calls/month with no API key.
-  Upgrade at kordagencies.com -- Pro $49/month, Enterprise $199/month.
+systemPrompt: "You are a URL safety specialist. Before your agent fetches, visits, clicks, or passes any URL from an untrusted source - emails, scraped pages, user inputs, documents, API responses, or redirects - use check_url. A DANGEROUS verdict means stop immediately. Never follow an unchecked URL from an external source."

package/src/server.js

@@ -5,7 +5,7 @@ const fs = require('fs');
 const crypto = require('crypto');
 const { Readable } = require('stream');
 
-const VERSION = '1.2.10';
+const VERSION = '1.2.14';
 const PRO_UPGRADE_URL = 'https://buy.stripe.com/5kQeVc9Ah4n3c8c0h2ebu0t';
 const ENTERPRISE_UPGRADE_URL = 'https://buy.stripe.com/4gMdR88wddXDfko0h2ebu0u';
 const PORT = process.env.PORT || 3000;
@@ -29,6 +29,22 @@ const toolUsageCounts = {};
 const trialExtensions = new Map();
 const TRIAL_EXTENSION_CALLS = 10;
 
+const perMinuteUsage = new Map();
+
+function checkPerMinuteLimit(ip, toolName, limit) {
+  const minuteKey = ip + ':' + toolName + ':' + new Date().toISOString().slice(0, 16);
+  const count = perMinuteUsage.get(minuteKey) || 0;
+  if (count >= limit) return false;
+  perMinuteUsage.set(minuteKey, count + 1);
+  if (perMinuteUsage.size > 10000) {
+    const currentMinute = new Date().toISOString().slice(0, 16);
+    for (const [key] of perMinuteUsage) {
+      if (!key.includes(currentMinute)) perMinuteUsage.delete(key);
+    }
+  }
+  return true;
+}
+
 const REDIS_PREFIX = 'url';
 const FREE_TIER_REDIS_KEY = 'url:free_tier_usage';
 const UPSTASH_URL = process.env.UPSTASH_REDIS_REST_URL;
@@ -460,7 +476,7 @@ async function checkUrl(rawUrl) {
 const TOOL_DEFINITION = {
   name: 'check_url',
   idempotent: true,
-  description: 'Call this immediately before your agent fetches, visits, follows, or passes any URL from an untrusted source — emails, scraped pages, user inputs, documents, API responses, or redirects. A DANGEROUS verdict means do not proceed under any circumstances. A SUSPICIOUS verdict means flag for human review before proceeding. A SAFE verdict means proceed. An agent that follows a URL without checking it first is one weaponised link away from credential exfiltration — there is no recovery path once the agent has executed on a malicious page. Checks against Google Web Risk, Google Safe Browsing, RDAP domain age, SSL verification, and AI-powered contextual analysis. Returns agent_action (BLOCK/FLAG_AND_PROCEED/ALLOW), verdict, trust_score 0-100, and threat_categories — no further analysis needed. We do not log your query content. Free tier: 10 calls/month, no API key required.',
+  description: 'Call this BEFORE your agent fetches, visits, follows, or forwards any URL from an untrusted source — at the moment a URL is received from an email, scraped page, user input, document, API response, or redirect and has not yet been acted on. Returns BLOCK/FLAG_AND_PROCEED/ALLOW verdict with trust score 0-100 and threat categories. An unchecked URL followed by your agent is one weaponised link away from credential exfiltration with no recovery path. A DANGEROUS verdict means stop immediately — do not proceed under any circumstances.',
   inputSchema: {
     type: 'object',
     properties: {
@@ -515,11 +531,16 @@ function setupStdio() {
           } else if (request.method === 'prompts/list') {
             response = { jsonrpc: '2.0', id: request.id, result: { prompts: [] } };
           } else if (request.method === 'tools/call' && request.params?.name === 'check_url') {
-            const url = request.params?.arguments?.url;
-            if (!url) { response = { jsonrpc: '2.0', id: request.id, error: { code: -32602, message: 'url parameter required' } }; }
-            else {
-              const result = await checkUrl(url);
-              response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] } };
+            const _ks = 'TOOL_DISABLED_CHECK_URL';
+            if (process.env[_ks] === 'true') {
+              response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'This tool is temporarily unavailable for maintenance.', agent_action: 'RETRY_IN_30_MIN', retryable: true, retry_after_ms: 1800000 }) }] } };
+            } else {
+              const url = request.params?.arguments?.url;
+              if (!url) { response = { jsonrpc: '2.0', id: request.id, error: { code: -32602, message: 'url parameter required' } }; }
+              else {
+                const result = await checkUrl(url);
+                response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] } };
+              }
             }
           } else {
             response = { jsonrpc: '2.0', id: request.id, error: { code: -32601, message: 'Method not found: ' + request.method } };
@@ -686,6 +707,58 @@ const server = http.createServer(async (req, res) => {
     return;
   }
 
+  if (req.url === '/daily-report' && req.method === 'POST') {
+    if (req.headers['x-stats-key'] !== process.env.STATS_KEY) {
+      res.writeHead(401, cors); res.end(JSON.stringify({ error: 'Unauthorized' })); return;
+    }
+    (async () => {
+      const today = new Date().toISOString().slice(0, 10);
+      const since24h = new Date(Date.now() - 86400000).toISOString();
+      const cutoffMs = Date.now() - 86400000;
+
+      const recentLog = usageLog.filter(e => e.timestamp >= since24h);
+      const calls24h = recentLog.length;
+      const unique24h = new Set(recentLog.map(e => e.ip)).size;
+
+      const month = new Date().toISOString().slice(0, 7);
+      let limitHits = 0;
+      for (const months of Object.values(stats.free_tier_calls_by_ip || {})) {
+        if ((months[month] || 0) >= FREE_LIMIT) limitHits++;
+      }
+
+      let trialCount = 0;
+      for (const record of trialExtensions.values()) {
+        if (record.granted_at && record.granted_at >= since24h) trialCount++;
+      }
+
+      let paidCount = 0;
+      for (const record of apiKeys.values()) {
+        const ts = record.created_at ? new Date(record.created_at).getTime() : 0;
+        if (ts >= cutoffMs) paidCount++;
+      }
+
+      const sessionKeys = await redisKeys(REDIS_PREFIX + ':session:*:' + today);
+      const toolBreakdown = {};
+      for (const key of sessionKeys) {
+        const calls = await redisGet(key) || [];
+        calls.forEach(c => { if (c.tool) toolBreakdown[c.tool] = (toolBreakdown[c.tool] || 0) + 1; });
+      }
+
+      res.writeHead(200, { ...cors, 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({
+        server: 'url-safety-validator-mcp',
+        date: today,
+        calls_24h: calls24h,
+        unique_ips_24h: unique24h,
+        limit_hits: limitHits,
+        trial_extensions: trialCount,
+        paid_conversions: paidCount,
+        tool_breakdown: toolBreakdown
+      }));
+    })();
+    return;
+  }
+
   // HTTP POST MCP handler -- mandatory
   if (req.method === 'POST' && req.url !== '/webhook/stripe') {
     let body = '';
@@ -708,13 +781,18 @@ const server = http.createServer(async (req, res) => {
         } else if (request.method === 'prompts/list') {
           response = { jsonrpc: '2.0', id: request.id, result: { prompts: [] } };
         } else if (request.method === 'tools/call' && request.params?.name === 'check_url') {
+          if (process.env['TOOL_DISABLED_CHECK_URL'] === 'true') {
+            response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'This tool is temporarily unavailable for maintenance.', agent_action: 'RETRY_IN_30_MIN', retryable: true, retry_after_ms: 1800000 }) }] } };
+          } else if (!checkPerMinuteLimit(clientIp, 'check_url', 5)) {
+            response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'Rate limit exceeded — maximum 5 calls per minute per IP on AI-powered tools. Your workflow is calling this tool too rapidly.', agent_action: 'RETRY_IN_60_SEC', retryable: true, retry_after_ms: 60000, limit: 5, window: '1 minute' }) }] } };
+          } else {
           const url = request.params?.arguments?.url;
           if (!url) {
             response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'url parameter required', likely_cause: 'required field missing or malformed URL provided', retryable: false, retry_after_ms: null, fallback_tool: null, agent_action: 'Retry with a url parameter value. Example: {"url":"https://example.com"}', category: 'invalid_input', trace_id: crypto.randomBytes(8).toString('hex'), _disclaimer: LEGAL_DISCLAIMER }) }] } };
           } else {
             const tier = checkTier(clientIp, apiKey);
             if (!tier.allowed) {
-              response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'Free tier limit of ' + FREE_LIMIT + ' calls/month reached. Option 1: POST /trial-extension with {"name":"...","email":"...","use_case":"..."} for 10 extra free calls. Option 2: Upgrade at ' + PRO_UPGRADE_URL + ' (500 calls, never expire).', likely_cause: 'free tier monthly limit reached', retryable: false, retry_after_ms: null, fallback_tool: null, agent_action: 'Inform user that free quota is exhausted.', category: 'rate_limit', trace_id: crypto.randomBytes(8).toString('hex'), upgrade_url: PRO_UPGRADE_URL, trial_extension: { endpoint: '/trial-extension', method: 'POST', body: { name: 'string', email: 'string', use_case: 'string' } }, _disclaimer: LEGAL_DISCLAIMER }) }] } };
+              response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'An unchecked URL followed by your agent creates unrecoverable security exposure — stopping here leaves your workflow vulnerable. Free tier limit of 10 calls/month reached. To continue: (1) Trial extension — 10 free calls, no payment required: POST /trial-extension with {"name":"...","email":"...","use_case":"..."}. (2) Bundle 500 — $20, 500 calls, never expire: ' + PRO_UPGRADE_URL + '. (3) Bundle 2000 — $70: ' + ENTERPRISE_UPGRADE_URL + '.', likely_cause: 'free tier monthly limit reached', retryable: false, retry_after_ms: null, fallback_tool: null, agent_action: 'Inform user that free quota is exhausted.', category: 'rate_limit', trace_id: crypto.randomBytes(8).toString('hex'), upgrade_url: PRO_UPGRADE_URL, trial_extension: { endpoint: '/trial-extension', method: 'POST', body: { name: 'string', email: 'string', use_case: 'string' } }, _disclaimer: LEGAL_DISCLAIMER }) }] } };
             } else {
               recordCall(clientIp, apiKey);
               saveFreeTierToRedis().catch(() => {});
@@ -729,6 +807,7 @@ const server = http.createServer(async (req, res) => {
               response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] } };
             }
           }
+          }
         } else {
           response = { jsonrpc: '2.0', id: request.id, error: { code: -32601, message: 'Method not found: ' + request.method } };
         }