url-safety-validator-mcp 1.2.24 → 1.2.26

package/CHANGELOG.md

@@ -2,6 +2,21 @@
 
 All notable changes to URL Safety Validator MCP are documented here.
 
+## [1.2.26] — 2026-06-25
+- feat: calls_remaining field added to check_url responses -- "unlimited" for paid keys, numeric free-tier headroom otherwise
+- feat: verdict_ttl field added (3600s/1hr -- threat landscape changes fast)
+- feat: data_source_status field added (full/degraded/partial) -- "degraded" when Google Web Risk (critical source) is unavailable, "partial" when only AI trust scoring is unavailable, "full" when both respond
+- Task 1 (purpose verb + required fields) audited -- already correct on check_url from a prior pass, no changes needed
+
+## [1.2.25] — 2026-06-24
+- feat: unauthenticated /public-stats endpoint -- first_deployed, lifetime tool calls, uptime %, version, for agent orchestrators evaluating server trustworthiness
+- feat: /process-trial-followups endpoint + 24h follow-up record on trial-extension grant
+- feat: gate response now self-contained (server + workflow impact + upgrade path in one sentence) and detects cross-server operators via shared fleet Redis, with cross-server trial-extension note
+- feat: outputSchema added to check_url (additive, response format unchanged)
+- fix: tool description and both initialize descriptions said "Returns BLOCK / FLAG_AND_PROCEED / ALLOW verdict" -- the real `verdict` field is SAFE/SUSPICIOUS/DANGEROUS; BLOCK/FLAG_AND_PROCEED/ALLOW is a separate derived `agent_action` field. Clarified both fields and their relationship everywhere this was stated.
+- fix: glama.json and README claimed cross-checking against URLhaus and PhishTank -- neither is ever called in code, only Google Web Risk and Google Safe Browsing are. Removed the false claims, including a fabricated PhishTank citation in a README example response. Also fixed smithery.yaml claiming "2 focused tools" when this server has exactly 1 (check_url).
+- fix: /deps health check previously treated HTTP 403 (key rejected) on Google Web Risk as ok:true via the `statusCode < 500` pattern -- now treats 403 on an authenticated API as ok:false with error:'auth_failed'
+
 ## [1.2.24] — 2026-06-23
 - fix: gate returns HTTP 402 (x402 standard for non-transient quota)
 

package/README.md

@@ -6,7 +6,7 @@
 
 **Stop your agent from fetching a dangerous URL before it's too late.**
 
-Agents that process emails, scrape pages, or consume API responses encounter URLs from untrusted sources constantly. This server gives your agent a single call to gate every URL before it proceeds — returning a SAFE/SUSPICIOUS/DANGEROUS verdict backed by Google Web Risk, URLhaus, PhishTank, and AI analysis.
+Agents that process emails, scrape pages, or consume API responses encounter URLs from untrusted sources constantly. This server gives your agent a single call to gate every URL before it proceeds — returning a SAFE/SUSPICIOUS/DANGEROUS verdict backed by Google Web Risk, Google Safe Browsing, and AI analysis.
 
 ---
 
@@ -20,7 +20,7 @@ One tool: `check_url`. One call returns:
 - **SSL status:** valid or not
 - **Domain age:** registration date and age in days
 - **Redirect chain flag:** detected from URL parameters
-- **Database signals:** raw results from Google Web Risk, URLhaus, PhishTank
+- **Database signals:** raw results from Google Web Risk and Google Safe Browsing
 - **AI reasoning:** 2–3 sentence plain-English explanation
 - **AI confidence:** HIGH / MEDIUM / LOW
 
@@ -46,8 +46,7 @@ If the verdict is DANGEROUS — halt. If SUSPICIOUS — flag for review. If SAFE
 | Source | Type | Coverage |
 |---|---|---|
 | Google Web Risk | Commercial API | Malware, phishing, unwanted software |
-| URLhaus (abuse.ch) | Free | Active malware distribution URLs |
-| PhishTank | Free | Community-verified phishing URLs |
+| Google Safe Browsing | Free | Malware, phishing, unwanted software (fallback when Web Risk key absent) |
 | RDAP | Free | Domain registration date |
 | Anthropic Claude | AI | Trust scoring and reasoning synthesis |
 
@@ -152,7 +151,7 @@ Same as LangChain above — langchain-mcp-adapters works with LangGraph natively
   "domain_age_days": 12,
   "redirect_chain_detected": false,
   "threat_categories": ["phishing", "newly_registered"],
-  "reasoning": "Domain registered 12 days ago and confirmed in PhishTank as an active phishing site impersonating a financial institution. Google Web Risk flags this as SOCIAL_ENGINEERING.",
+  "reasoning": "Domain registered 12 days ago and impersonates a financial institution's login page. Google Web Risk flags this as SOCIAL_ENGINEERING.",
   "ai_confidence": "HIGH",
   "analysis_type": "AI-powered -- NOT a simple database lookup"
 }

package/glama.json

@@ -1,6 +1,6 @@
 {
   "name": "URL Safety Validator",
-  "description": "AI-powered URL safety validator. Returns SAFE/SUSPICIOUS/DANGEROUS verdict with trust score, threat categories, domain age, and SSL status. Cross-checks Google Web Risk, URLhaus, and PhishTank.",
+  "description": "AI-powered URL safety validator. Returns SAFE/SUSPICIOUS/DANGEROUS verdict with trust score, threat categories, domain age, and SSL status. Cross-checks Google Web Risk and Google Safe Browsing.",
   "license": "UNLICENSED",
   "homepage": "https://kordagencies.com",
   "repository": "https://github.com/OjasKord/url-safety-validator-mcp"

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "url-safety-validator-mcp",
   "mcpName": "io.github.OjasKord/url-safety-validator-mcp",
-  "version": "1.2.24",
+  "version": "1.2.26",
   "description": "URL safety checker for AI agents. Detects phishing, malware, typosquatting before your agent visits any link. BLOCK/ALLOW verdict in one call.",
   "main": "src/server.js",
   "scripts": {

package/server.json

@@ -1,48 +1,48 @@
-{
-  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
-  "name": "io.github.OjasKord/url-safety-validator-mcp",
-  "title": "URL Safety Validator MCP",
-  "description": "AI URL safety validator: SAFE/SUSPICIOUS/DANGEROUS verdict, trust score, threat intel.",
-  "version": "1.2.20",
-  "websiteUrl": "https://kordagencies.com",
-  "repository": {
-    "url": "https://github.com/OjasKord/url-safety-validator-mcp",
-    "source": "github"
-  },
-  "packages": [
-    {
-      "registryType": "npm",
-      "identifier": "url-safety-validator-mcp",
-      "version": "1.2.19",
-      "transport": {
-        "type": "stdio"
-      },
-      "environmentVariables": [
-        {
-          "name": "ANTHROPIC_API_KEY",
-          "description": "Anthropic API key for AI trust scoring",
-          "isRequired": true,
-          "isSecret": true
-        },
-        {
-          "name": "GOOGLE_WEB_RISK_API_KEY",
-          "description": "Google Web Risk API key (commercial). Degrades gracefully without it.",
-          "isRequired": false,
-          "isSecret": true
-        },
-        {
-          "name": "GOOGLE_SAFE_BROWSING_API_KEY",
-          "description": "Google Safe Browsing API key (free tier available).",
-          "isRequired": false,
-          "isSecret": true
-        }
-      ]
-    }
-  ],
-  "remotes": [
-    {
-      "type": "streamable-http",
-      "url": "https://url-safety-validator-mcp-production.up.railway.app"
-    }
-  ]
-}
+{
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
+  "name": "io.github.OjasKord/url-safety-validator-mcp",
+  "title": "URL Safety Validator MCP",
+  "description": "AI URL safety validator: SAFE/SUSPICIOUS/DANGEROUS verdict, trust score, threat intel.",
+  "version": "1.2.26",
+  "websiteUrl": "https://kordagencies.com",
+  "repository": {
+    "url": "https://github.com/OjasKord/url-safety-validator-mcp",
+    "source": "github"
+  },
+  "packages": [
+    {
+      "registryType": "npm",
+      "identifier": "url-safety-validator-mcp",
+      "version": "1.2.26",
+      "transport": {
+        "type": "stdio"
+      },
+      "environmentVariables": [
+        {
+          "name": "ANTHROPIC_API_KEY",
+          "description": "Anthropic API key for AI trust scoring",
+          "isRequired": true,
+          "isSecret": true
+        },
+        {
+          "name": "GOOGLE_WEB_RISK_API_KEY",
+          "description": "Google Web Risk API key (commercial). Degrades gracefully without it.",
+          "isRequired": false,
+          "isSecret": true
+        },
+        {
+          "name": "GOOGLE_SAFE_BROWSING_API_KEY",
+          "description": "Google Safe Browsing API key (free tier available).",
+          "isRequired": false,
+          "isSecret": true
+        }
+      ]
+    }
+  ],
+  "remotes": [
+    {
+      "type": "streamable-http",
+      "url": "https://url-safety-validator-mcp-production.up.railway.app"
+    }
+  ]
+}

package/smithery.yaml

@@ -1,6 +1,6 @@
 name: URL Safety Validator MCP
 agentRole: "URL Safety Specialist — equip before fetching, visiting, or following any untrusted URL"
-description: "Before your agent fetches, visits, or follows any URL from an untrusted source, call check_url. Returns BLOCK/ALLOW verdict with threat category and trust score. 2 focused tools. Compact schema. Minimal agent context overhead."
+description: "Pre-condition: an agent has received a URL from an untrusted source -- email, document, scraped page, or API response -- and is about to fetch, visit, or follow it. Skip this and a payment executed on a phishing domain via an agentic payment rail has no recovery path, since the redirect itself is the attack vector. check_url returns verdict SAFE/SUSPICIOUS/DANGEROUS with a derived agent_action ALLOW/FLAG_AND_PROCEED/BLOCK, checked live against Google Web Risk and Google Safe Browsing. 1 tool, one verdict, no further reasoning required."
 categories:
   - Security
   - Web

package/src/server.js

@@ -5,7 +5,7 @@ const fs = require('fs');
 const crypto = require('crypto');
 const { Readable } = require('stream');
 
-const VERSION = '1.2.24';
+const VERSION = '1.2.26';
 const PRO_UPGRADE_URL = 'https://buy.stripe.com/5kQeVc9Ah4n3c8c0h2ebu0t';
 const ENTERPRISE_UPGRADE_URL = 'https://buy.stripe.com/4gMdR88wddXDfko0h2ebu0u';
 const ALLOWED_PAYMENT_LINK_IDS = ['plink_1TQzIHD6WvRe6sn3820kFk07', 'plink_1TQzJdD6WvRe6sn3GN8mQkj9'];
@@ -50,6 +50,13 @@ const REDIS_PREFIX = 'url';
 const FREE_TIER_REDIS_KEY = 'url:free_tier_usage';
 const UPSTASH_URL = process.env.UPSTASH_REDIS_REST_URL;
 const UPSTASH_TOKEN = process.env.UPSTASH_REDIS_REST_TOKEN;
+const FIRST_DEPLOYED = '2026-04-22T06:38:09Z';
+const LIFETIME_CALLS_REDIS_KEY = 'url:lifetime_calls';
+const UPTIME_HEARTBEAT_KEY = 'url:uptime:heartbeat_count';
+const UPTIME_MONITORING_START_KEY = 'url:uptime:monitoring_started';
+const UPTIME_HEARTBEAT_INTERVAL_MS = 60000;
+const FLEET_IP24_TTL_SECONDS = 30 * 24 * 60 * 60;
+const FLEET_CROSS_SERVER_THRESHOLD = 3;
 
 function loadStats() {
   try {
@@ -181,6 +188,56 @@ async function redisDelete(key) {
   } catch(e) { console.error('[Redis] redisDelete failed:', e); }
 }
 
+async function redisIncr(key) {
+  try {
+    const res = await fetch(
+      `${UPSTASH_URL}/incr/${encodeURIComponent(key)}`,
+      { headers: { Authorization: `Bearer ${UPSTASH_TOKEN}` } }
+    );
+    const data = await res.json();
+    if (data.error) { console.error('[Redis] redisIncr error:', data.error, 'key:', key); return null; }
+    return data.result;
+  } catch(e) { console.error('[Redis] redisIncr failed:', e); return null; }
+}
+
+// ─── FLEET CROSS-SERVER OPERATOR DETECTION ─────────────────────────────────────
+async function recordFleetGateHit(ip) {
+  try {
+    const ip24 = truncateIp(ip);
+    const key = `fleet:ip24:${ip24}:${REDIS_PREFIX}`;
+    await redisSet(key, new Date().toISOString());
+    await redisExpire(key, FLEET_IP24_TTL_SECONDS);
+  } catch(e) { console.error('[Fleet] recordFleetGateHit failed:', e); }
+}
+
+async function checkFleetCrossServer(ip) {
+  try {
+    const ip24 = truncateIp(ip);
+    const keys = await redisKeys(`fleet:ip24:${ip24}:*`);
+    return keys.length;
+  } catch(e) { return 0; }
+}
+
+async function buildCrossServerNote(ip) {
+  const serverCount = await checkFleetCrossServer(ip);
+  if (serverCount >= FLEET_CROSS_SERVER_THRESHOLD) {
+    return 'Cross-server trial extension available -- this operator is already using ' + serverCount + ' Kord Agencies MCP servers. POST /trial-extension on any one of those servers to extend the trial across all of them.';
+  }
+  return null;
+}
+
+// ─── UPTIME TRACKING (for /public-stats) ───────────────────────────────────────
+async function initUptimeTracking() {
+  try {
+    let started = await redisGet(UPTIME_MONITORING_START_KEY);
+    if (!started) {
+      started = new Date().toISOString();
+      await redisSet(UPTIME_MONITORING_START_KEY, started);
+    }
+    setInterval(() => { redisIncr(UPTIME_HEARTBEAT_KEY).catch(() => {}); }, UPTIME_HEARTBEAT_INTERVAL_MS);
+  } catch(e) { console.error('[Uptime] initUptimeTracking failed:', e); }
+}
+
 async function findCheckoutSessionEmail(paymentIntentId) {
   const res = await fetch(
     `https://api.stripe.com/v1/checkout/sessions?payment_intent=${encodeURIComponent(paymentIntentId)}`,
@@ -455,6 +512,9 @@ async function checkUrl(rawUrl) {
   const signals = { google_web_risk: webRisk, google_safe_browsing: safeBrowsing, domain_age: domainAge, ssl };
 
   const ai = await getAITrustScore(href, hostname, signals);
+  // Caching/staleness policy and source-confidence flag (Task 3/4) -- Google Web Risk is the critical source for this server.
+  const VERDICT_TTL_CHECK_URL = 3600; // 1 hour -- threat landscape changes fast
+  const dataSourceStatus = !webRisk.available ? 'degraded' : (!ai.available ? 'partial' : 'full');
 
   // Determine final verdict -- hard overrides
   let verdict = ai.available ? ai.verdict : 'SUSPICIOUS';
@@ -497,6 +557,8 @@ async function checkUrl(rawUrl) {
     },
     checked_at: nowISO(),
     source_url: 'webrisk.googleapis.com',
+    verdict_ttl: VERDICT_TTL_CHECK_URL,
+    data_source_status: dataSourceStatus,
     _disclaimer: LEGAL_DISCLAIMER
   };
 
@@ -516,13 +578,40 @@ async function checkUrl(rawUrl) {
 const TOOL_DEFINITION = {
   name: 'check_url',
   idempotent: true,
-  description: 'Checks a URL for phishing, malware, typosquatting, and redirect threats. Call this BEFORE your agent fetches, follows, or forwards any URL in an agentic commerce workflow -- at the moment a merchant site, supplier portal, or payment redirect URL is received and no navigation has occurred. Use this when your agent has received a URL from an external source — email, document, or API response — and is about to navigate to it or pass it downstream. Checks live against Google Web Risk (webrisk.googleapis.com) and Google Safe Browsing (safebrowsing.googleapis.com). Returns BLOCK / FLAG_AND_PROCEED / ALLOW verdict with trust score 0-100 and threat categories. A payment executed on a phishing domain via Stripe MPP, Alipay AI Pay, or Shopify UCP has no recovery path -- the redirect is the attack vector. A DANGEROUS verdict means halt immediately. Returns machine-ready verdict, no further analysis needed.',
+  description: 'Checks a URL for phishing, malware, typosquatting, and redirect threats. Call this BEFORE your agent fetches, follows, or forwards any URL in an agentic commerce workflow -- at the moment a merchant site, supplier portal, or payment redirect URL is received and no navigation has occurred. Use this when your agent has received a URL from an external source — email, document, or API response — and is about to navigate to it or pass it downstream. Checks live against Google Web Risk (webrisk.googleapis.com) and Google Safe Browsing (safebrowsing.googleapis.com). Returns verdict SAFE / SUSPICIOUS / DANGEROUS with a derived agent_action of ALLOW / FLAG_AND_PROCEED / BLOCK, trust score 0-100, and threat categories. A payment executed on a phishing domain via Stripe MPP, Alipay AI Pay, or Shopify UCP has no recovery path -- the redirect is the attack vector. A DANGEROUS verdict means halt immediately. Returns machine-ready verdict, no further analysis needed.',
   inputSchema: {
     type: 'object',
     properties: {
       url: { type: 'string', description: 'The URL to check. Full URL preferred (e.g. https://example.com/path). Bare domains also accepted.' }
     },
     required: ['url']
+  },
+  outputSchema: {
+    type: 'object',
+    properties: {
+      url: { type: 'string' },
+      hostname: { type: 'string' },
+      verdict: { type: 'string', enum: ['SAFE', 'SUSPICIOUS', 'DANGEROUS'] },
+      agent_action: { type: 'string', enum: ['ALLOW', 'FLAG_AND_PROCEED', 'BLOCK'], description: 'Derived directly from verdict' },
+      trust_score: { type: 'number', minimum: 0, maximum: 100 },
+      ssl_valid: { type: 'boolean' },
+      domain_age_days: { type: ['number', 'null'] },
+      domain_registered: { type: ['string', 'null'] },
+      redirect_chain_detected: { type: 'boolean' },
+      threat_categories: { type: 'array', items: { type: 'string' } },
+      reasoning: { type: 'string' },
+      ai_confidence: { type: ['string', 'null'] },
+      analysis_type: { type: 'string' },
+      database_signals: { type: 'object' },
+      checked_at: { type: 'string', format: 'date-time' },
+      source_url: { type: 'string' },
+      hold_reason: { type: 'string', description: 'Present only when verdict is SUSPICIOUS' },
+      retry_after: { type: ['number', 'null'] },
+      escalation_path: { type: 'string', description: 'Present only when verdict is SUSPICIOUS' },
+      _disclaimer: { type: 'string' }
+    },
+    required: ['url', 'hostname', 'verdict', 'agent_action', 'trust_score', 'checked_at', '_disclaimer'],
+    additionalProperties: true
   }
 };
 
@@ -561,7 +650,7 @@ function setupStdio() {
           const request = JSON.parse(line);
           let response;
           if (request.method === 'initialize') {
-            response = { jsonrpc: '2.0', id: request.id, result: { protocolVersion: '2024-11-05', capabilities: { tools: {}, resources: {}, prompts: {} }, serverInfo: { name: 'url-safety-validator-mcp', version: VERSION, description: 'Every agentic commerce workflow built on Stripe MPP, Alipay AI Pay, or Shopify UCP has a moment where the agent must navigate to a merchant or supplier URL before it can proceed. This server answers that question in one call -- returning a machine-readable BLOCK / FLAG_AND_PROCEED / ALLOW verdict checked live against Google Web Risk and Google Safe Browsing, every call. Used before any agent URL fetch, page navigation, or redirect follow in payment and procurement workflows.' } } };
+            response = { jsonrpc: '2.0', id: request.id, result: { protocolVersion: '2024-11-05', capabilities: { tools: {}, resources: {}, prompts: {} }, serverInfo: { name: 'url-safety-validator-mcp', version: VERSION, description: 'Every agentic commerce workflow built on Stripe MPP, Alipay AI Pay, or Shopify UCP has a moment where the agent must navigate to a merchant or supplier URL before it can proceed. This server answers that question in one call -- returning a machine-readable verdict (SAFE/SUSPICIOUS/DANGEROUS) with a derived agent_action (ALLOW/FLAG_AND_PROCEED/BLOCK), checked live against Google Web Risk and Google Safe Browsing, every call. Used before any agent URL fetch, page navigation, or redirect follow in payment and procurement workflows.' } } };
           } else if (request.method === 'notifications/initialized') {
             continue;
           } else if (request.method === 'tools/list') {
@@ -616,7 +705,7 @@ const server = http.createServer(async (req, res) => {
     const depCheck = (hostname, path, extraHeaders) => new Promise((resolve) => {
       const r = https.request({ hostname, path, method: 'GET', headers: { 'User-Agent': 'MCP-HealthCheck/1.0', ...(extraHeaders||{}) } }, (res2) => {
         res2.resume();
-        resolve({ ok: res2.statusCode < 500, status: res2.statusCode });
+        resolve({ ok: res2.statusCode !== 403 && res2.statusCode < 500, status: res2.statusCode, error: res2.statusCode === 403 ? 'auth_failed' : undefined });
       });
       r.on('error', () => resolve({ ok: false, status: 0, error: 'unreachable' }));
       r.setTimeout(5000, () => { r.destroy(); resolve({ ok: false, status: 0, error: 'timeout' }); });
@@ -630,7 +719,7 @@ const server = http.createServer(async (req, res) => {
         ? (() => {
             const sbBody = JSON.stringify({ client: { clientId: 'kord-dep-check', clientVersion: '1.0' }, threatInfo: { threatTypes: ['MALWARE'], platformTypes: ['ANY_PLATFORM'], threatEntryTypes: ['URL'], threatEntries: [{ url: 'https://example.com' }] } });
             return new Promise((resolve) => {
-              const r = https.request({ hostname: 'safebrowsing.googleapis.com', path: `/v4/threatMatches:find?key=${GOOGLE_SAFE_BROWSING_API_KEY}`, method: 'POST', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(sbBody) } }, (res2) => { res2.resume(); resolve({ ok: res2.statusCode < 500, status: res2.statusCode }); });
+              const r = https.request({ hostname: 'safebrowsing.googleapis.com', path: `/v4/threatMatches:find?key=${GOOGLE_SAFE_BROWSING_API_KEY}`, method: 'POST', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(sbBody) } }, (res2) => { res2.resume(); resolve({ ok: res2.statusCode !== 403 && res2.statusCode < 500, status: res2.statusCode, error: res2.statusCode === 403 ? 'auth_failed' : undefined }); });
               r.on('error', () => resolve({ ok: false, status: 0, error: 'unreachable' }));
               r.setTimeout(5000, () => { r.destroy(); resolve({ ok: false, status: 0, error: 'timeout' }); });
               r.write(sbBody); r.end();
@@ -663,6 +752,33 @@ const server = http.createServer(async (req, res) => {
     return;
   }
 
+  // Unauthenticated machine-readable track record -- for agent orchestrators
+  // evaluating server trustworthiness, not for humans. No stats-key required.
+  if (req.url === '/public-stats' && req.method === 'GET') {
+    (async () => {
+      const [lifetimeCallsRaw, heartbeatCountRaw, monitoringStart] = await Promise.all([
+        redisGet(LIFETIME_CALLS_REDIS_KEY),
+        redisGet(UPTIME_HEARTBEAT_KEY),
+        redisGet(UPTIME_MONITORING_START_KEY)
+      ]);
+      const lifetimeCalls = lifetimeCallsRaw || 0;
+      const heartbeatCount = heartbeatCountRaw || 0;
+      const monitoringStartTime = monitoringStart ? new Date(monitoringStart).getTime() : Date.now();
+      const elapsedMs = Math.max(1, Date.now() - monitoringStartTime);
+      const uptimePct = Math.min(100, Math.round((heartbeatCount * UPTIME_HEARTBEAT_INTERVAL_MS / elapsedMs) * 1000) / 10);
+      res.writeHead(200, { ...cors, 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({
+        server: 'url-safety-validator-mcp',
+        version: VERSION,
+        first_deployed: FIRST_DEPLOYED,
+        total_lifetime_tool_calls: lifetimeCalls,
+        uptime_percentage: uptimePct,
+        uptime_monitoring_since: monitoringStart || new Date().toISOString()
+      }));
+    })();
+    return;
+  }
+
   if (req.url === '/session-log' && req.method === 'GET') {
     if (req.headers['x-stats-key'] !== STATS_KEY) { res.writeHead(401, cors); res.end(JSON.stringify({ error: 'Unauthorized' })); return; }
     (async () => {
@@ -705,6 +821,8 @@ const server = http.createServer(async (req, res) => {
         stats.free_tier_calls_by_ip[clientIp][month] = Math.max(0, current - TRIAL_EXTENSION_CALLS);
         trialExtensions.set(emailKey, { name, email, use_case: use_case || '', ip: clientIp, granted_at: nowISO() });
         saveStats();
+        // 24h follow-up record -- processed by /process-trial-followups (fleet cron)
+        await redisSet(REDIS_PREFIX + ':followup:' + email.toLowerCase().trim(), { email, name, server: 'url-safety-validator-mcp', granted_at: nowISO(), sent: false });
         await sendEmail('ojas@kordagencies.com', 'URL Safety Validator MCP -- Trial Extension: ' + name,
           '<p><b>Name:</b> ' + name + '<br><b>Email:</b> ' + email + '<br><b>Use case:</b> ' + (use_case || 'Not provided') + '<br><b>IP:</b> ' + clientIp + '<br><b>Calls granted:</b> ' + TRIAL_EXTENSION_CALLS + '</p>');
         await sendEmail(email, TRIAL_EXTENSION_CALLS + ' extra free calls added -- URL Safety Validator MCP',
@@ -716,6 +834,39 @@ const server = http.createServer(async (req, res) => {
     return;
   }
 
+  // Fleet cron hits this hourly. Sends exactly one follow-up email per email
+  // address, 24h after a trial extension was granted, unless that email has
+  // since picked up a paid key on this server.
+  if (req.url === '/process-trial-followups' && req.method === 'POST') {
+    if (req.headers['x-stats-key'] !== STATS_KEY) { res.writeHead(401, cors); res.end(JSON.stringify({ error: 'Unauthorized' })); return; }
+    (async () => {
+      const keys = await redisKeys(REDIS_PREFIX + ':followup:*');
+      const TWENTY_FOUR_HOURS_MS = 24 * 60 * 60 * 1000;
+      let processed = 0, sent = 0, skippedPaid = 0;
+      for (const key of keys) {
+        const record = await redisGet(key);
+        if (!record || record.sent) continue;
+        if (Date.now() - new Date(record.granted_at).getTime() < TWENTY_FOUR_HOURS_MS) continue;
+        processed++;
+        const emailNorm = (record.email || '').toLowerCase().trim();
+        const hasPaidKey = Array.from(apiKeys.values()).some(r => (r.email || '').toLowerCase().trim() === emailNorm);
+        if (hasPaidKey) {
+          skippedPaid++;
+        } else {
+          await sendEmail(record.email, 'URL Safety Validator MCP -- URL safety screening will block your workflow again without an upgrade',
+            '<p>Hi ' + record.name + ',</p><p>Your trial extension on URL Safety Validator MCP was granted 24 hours ago. Once those extra calls run out, URL safety screening stops and any fetch/follow workflow that depends on it pauses until you upgrade.</p><p>Upgrade now -- 500 calls for $20/month: ' + PRO_UPGRADE_URL + '</p><p>Ojas<br>kordagencies.com</p>');
+          sent++;
+        }
+        record.sent = true;
+        record.sent_at = nowISO();
+        await redisSet(key, record);
+      }
+      res.writeHead(200, { ...cors, 'Content-Type': 'application/json' });
+      res.end(JSON.stringify({ checked: keys.length, processed, emails_sent: sent, skipped_already_paid: skippedPaid }));
+    })();
+    return;
+  }
+
   if (req.url === '/webhook/stripe' && req.method === 'POST') {
     let rawBody = '';
     req.on('data', c => rawBody += c);
@@ -851,7 +1002,7 @@ const server = http.createServer(async (req, res) => {
         let statusCode = 200;
 
         if (request.method === 'initialize') {
-          response = { jsonrpc: '2.0', id: request.id, result: { protocolVersion: '2024-11-05', capabilities: { tools: {}, resources: {}, prompts: {} }, serverInfo: { name: 'url-safety-validator-mcp', version: VERSION, description: 'Every agentic commerce workflow built on Stripe MPP, Alipay AI Pay, or Shopify UCP has a moment where the agent must navigate to a merchant or supplier URL before it can proceed. This server answers that question in one call -- returning a machine-readable BLOCK / FLAG_AND_PROCEED / ALLOW verdict checked live against Google Web Risk and Google Safe Browsing, every call. Used before any agent URL fetch, page navigation, or redirect follow in payment and procurement workflows.' } } };
+          response = { jsonrpc: '2.0', id: request.id, result: { protocolVersion: '2024-11-05', capabilities: { tools: {}, resources: {}, prompts: {} }, serverInfo: { name: 'url-safety-validator-mcp', version: VERSION, description: 'Every agentic commerce workflow built on Stripe MPP, Alipay AI Pay, or Shopify UCP has a moment where the agent must navigate to a merchant or supplier URL before it can proceed. This server answers that question in one call -- returning a machine-readable verdict (SAFE/SUSPICIOUS/DANGEROUS) with a derived agent_action (ALLOW/FLAG_AND_PROCEED/BLOCK), checked live against Google Web Risk and Google Safe Browsing, every call. Used before any agent URL fetch, page navigation, or redirect follow in payment and procurement workflows.' } } };
         } else if (request.method === 'notifications/initialized') {
           res.writeHead(204, cors); res.end(); return;
         } else if (request.method === 'tools/list') {
@@ -879,14 +1030,18 @@ const server = http.createServer(async (req, res) => {
               const _gateMonth = getMonthKey();
               const _gateCalls = (stats.free_tier_calls_by_ip[clientIp] && stats.free_tier_calls_by_ip[clientIp][_gateMonth]) || 0;
               notifyGateHit('URL Safety Validator', clientIp, 'check_url', _gateCalls, PRO_UPGRADE_URL);
-              response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'An unchecked URL followed by your agent creates unrecoverable security exposure — stopping here leaves your workflow vulnerable. Free tier limit of 10 calls/month reached. To continue: (1) Trial extension — 10 free calls, no payment required: POST /trial-extension with {"name":"...","email":"...","use_case":"..."}. (2) Bundle 500 — $20, 500 calls, never expire: ' + PRO_UPGRADE_URL + '. (3) Bundle 2000 — $70: ' + ENTERPRISE_UPGRADE_URL + '.', likely_cause: 'free tier monthly limit reached', retryable: false, retry_after_ms: null, fallback_tool: null, agent_action: 'Inform user that free quota is exhausted.', category: 'rate_limit', trace_id: crypto.randomBytes(8).toString('hex'), upgrade_url: PRO_UPGRADE_URL, trial_extension: { endpoint: '/trial-extension', method: 'POST', body: { name: 'string', email: 'string', use_case: 'string' } }, _disclaimer: LEGAL_DISCLAIMER }) }] } };
+              recordFleetGateHit(clientIp).catch(() => {});
+              const crossServerNote = await buildCrossServerNote(clientIp);
+              response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'URL Safety Validator MCP free tier exhausted -- URL safety screening is now blocked, halting any workflow that depends on verifying a link before fetch or follow, until you extend via POST /trial-extension or upgrade at ' + PRO_UPGRADE_URL + '. An unchecked URL followed by your agent creates unrecoverable security exposure -- stopping here leaves your workflow vulnerable. Free tier limit of 10 calls/month reached. To continue: (1) Trial extension — 10 free calls, no payment required: POST /trial-extension with {"name":"...","email":"...","use_case":"..."}. (2) Bundle 500 — $20, 500 calls, never expire: ' + PRO_UPGRADE_URL + '. (3) Bundle 2000 — $70: ' + ENTERPRISE_UPGRADE_URL + '.' + (crossServerNote ? ' ' + crossServerNote : ''), likely_cause: 'free tier monthly limit reached', retryable: false, retry_after_ms: null, fallback_tool: null, agent_action: 'Inform user that free quota is exhausted.', category: 'rate_limit', trace_id: crypto.randomBytes(8).toString('hex'), upgrade_url: PRO_UPGRADE_URL, trial_extension: { endpoint: '/trial-extension', method: 'POST', body: { name: 'string', email: 'string', use_case: 'string' } }, _disclaimer: LEGAL_DISCLAIMER }) }] } };
             } else {
               recordCall(clientIp, apiKey);
               saveFreeTierToRedis().catch(() => {});
               const result = await checkUrl(url);
+              result.calls_remaining = tier.paid ? 'unlimited' : Math.max(0, tier.remaining);
               appendSessionLog(clientIp, 'check_url').catch((e) => console.error('[SessionLog] appendSessionLog failed:', e));
               usageLog.push({ tool: 'check_url', ip: clientIp, tier: tier.paid ? 'paid' : 'free', timestamp: nowISO() });
               toolUsageCounts['check_url'] = (toolUsageCounts['check_url'] || 0) + 1;
+              redisIncr(LIFETIME_CALLS_REDIS_KEY).catch(() => {});
               if (tier.remaining <= 4 && !tier.paid) {
                 const effectiveLimit = getEffectiveLimit(clientIp);
                 result._notice = 'Warning: ' + (tier.remaining - 1) + ' free calls remaining this month (limit: ' + effectiveLimit + '). Get 500 calls for $20 at ' + PRO_UPGRADE_URL + ' -- calls never expire.';
@@ -916,6 +1071,7 @@ const server = http.createServer(async (req, res) => {
 server.listen(PORT, async () => {
   await loadApiKeysFromRedis();
   await loadFreeTierFromRedis();
+  await initUptimeTracking();
   console.log(`URL Safety Validator MCP v${VERSION} running on port ${PORT}`);
   console.log(`Google Web Risk: ${GOOGLE_WEB_RISK_API_KEY ? 'configured' : 'NOT SET -- set GOOGLE_WEB_RISK_API_KEY'}`);
   console.log(`Anthropic API: ${ANTHROPIC_API_KEY ? 'configured' : 'NOT SET'}`);