url-safety-validator-mcp 1.2.25 → 1.2.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/CHANGELOG.md +9 -0
  2. package/package.json +1 -1
  3. package/server.json +48 -48
  4. package/src/server.js +7 -1
  5. package/.claude/settings.local.json +0 -13
package/CHANGELOG.md CHANGED
@@ -2,6 +2,15 @@
2
2
 
3
3
  All notable changes to URL Safety Validator MCP are documented here.
4
4
 
5
+ ## [1.2.27] — 2026-06-25
6
+ - fix: .npmignore was missing a .claude/ exclusion -- .claude/settings.local.json shipped in the v1.2.26 npm tarball. Added token.tmp, *.tmp, .claude/, CLAUDE.md, SYSTEM_PROMPT.md, MCP-Build-Playbook* to .npmignore.
7
+
8
+ ## [1.2.26] — 2026-06-25
9
+ - feat: calls_remaining field added to check_url responses -- "unlimited" for paid keys, numeric free-tier headroom otherwise
10
+ - feat: verdict_ttl field added (3600s/1hr -- threat landscape changes fast)
11
+ - feat: data_source_status field added (full/degraded/partial) -- "degraded" when Google Web Risk (critical source) is unavailable, "partial" when only AI trust scoring is unavailable, "full" when both respond
12
+ - Task 1 (purpose verb + required fields) audited -- already correct on check_url from a prior pass, no changes needed
13
+
5
14
  ## [1.2.25] — 2026-06-24
6
15
  - feat: unauthenticated /public-stats endpoint -- first_deployed, lifetime tool calls, uptime %, version, for agent orchestrators evaluating server trustworthiness
7
16
  - feat: /process-trial-followups endpoint + 24h follow-up record on trial-extension grant
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "url-safety-validator-mcp",
3
3
  "mcpName": "io.github.OjasKord/url-safety-validator-mcp",
4
- "version": "1.2.25",
4
+ "version": "1.2.27",
5
5
  "description": "URL safety checker for AI agents. Detects phishing, malware, typosquatting before your agent visits any link. BLOCK/ALLOW verdict in one call.",
6
6
  "main": "src/server.js",
7
7
  "scripts": {
package/server.json CHANGED
@@ -1,48 +1,48 @@
1
- {
2
- "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
3
- "name": "io.github.OjasKord/url-safety-validator-mcp",
4
- "title": "URL Safety Validator MCP",
5
- "description": "AI URL safety validator: SAFE/SUSPICIOUS/DANGEROUS verdict, trust score, threat intel.",
6
- "version": "1.2.20",
7
- "websiteUrl": "https://kordagencies.com",
8
- "repository": {
9
- "url": "https://github.com/OjasKord/url-safety-validator-mcp",
10
- "source": "github"
11
- },
12
- "packages": [
13
- {
14
- "registryType": "npm",
15
- "identifier": "url-safety-validator-mcp",
16
- "version": "1.2.19",
17
- "transport": {
18
- "type": "stdio"
19
- },
20
- "environmentVariables": [
21
- {
22
- "name": "ANTHROPIC_API_KEY",
23
- "description": "Anthropic API key for AI trust scoring",
24
- "isRequired": true,
25
- "isSecret": true
26
- },
27
- {
28
- "name": "GOOGLE_WEB_RISK_API_KEY",
29
- "description": "Google Web Risk API key (commercial). Degrades gracefully without it.",
30
- "isRequired": false,
31
- "isSecret": true
32
- },
33
- {
34
- "name": "GOOGLE_SAFE_BROWSING_API_KEY",
35
- "description": "Google Safe Browsing API key (free tier available).",
36
- "isRequired": false,
37
- "isSecret": true
38
- }
39
- ]
40
- }
41
- ],
42
- "remotes": [
43
- {
44
- "type": "streamable-http",
45
- "url": "https://url-safety-validator-mcp-production.up.railway.app"
46
- }
47
- ]
48
- }
1
+ {
2
+ "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
3
+ "name": "io.github.OjasKord/url-safety-validator-mcp",
4
+ "title": "URL Safety Validator MCP",
5
+ "description": "AI URL safety validator: SAFE/SUSPICIOUS/DANGEROUS verdict, trust score, threat intel.",
6
+ "version": "1.2.27",
7
+ "websiteUrl": "https://kordagencies.com",
8
+ "repository": {
9
+ "url": "https://github.com/OjasKord/url-safety-validator-mcp",
10
+ "source": "github"
11
+ },
12
+ "packages": [
13
+ {
14
+ "registryType": "npm",
15
+ "identifier": "url-safety-validator-mcp",
16
+ "version": "1.2.27",
17
+ "transport": {
18
+ "type": "stdio"
19
+ },
20
+ "environmentVariables": [
21
+ {
22
+ "name": "ANTHROPIC_API_KEY",
23
+ "description": "Anthropic API key for AI trust scoring",
24
+ "isRequired": true,
25
+ "isSecret": true
26
+ },
27
+ {
28
+ "name": "GOOGLE_WEB_RISK_API_KEY",
29
+ "description": "Google Web Risk API key (commercial). Degrades gracefully without it.",
30
+ "isRequired": false,
31
+ "isSecret": true
32
+ },
33
+ {
34
+ "name": "GOOGLE_SAFE_BROWSING_API_KEY",
35
+ "description": "Google Safe Browsing API key (free tier available).",
36
+ "isRequired": false,
37
+ "isSecret": true
38
+ }
39
+ ]
40
+ }
41
+ ],
42
+ "remotes": [
43
+ {
44
+ "type": "streamable-http",
45
+ "url": "https://url-safety-validator-mcp-production.up.railway.app"
46
+ }
47
+ ]
48
+ }
package/src/server.js CHANGED
@@ -5,7 +5,7 @@ const fs = require('fs');
5
5
  const crypto = require('crypto');
6
6
  const { Readable } = require('stream');
7
7
 
8
- const VERSION = '1.2.25';
8
+ const VERSION = '1.2.27';
9
9
  const PRO_UPGRADE_URL = 'https://buy.stripe.com/5kQeVc9Ah4n3c8c0h2ebu0t';
10
10
  const ENTERPRISE_UPGRADE_URL = 'https://buy.stripe.com/4gMdR88wddXDfko0h2ebu0u';
11
11
  const ALLOWED_PAYMENT_LINK_IDS = ['plink_1TQzIHD6WvRe6sn3820kFk07', 'plink_1TQzJdD6WvRe6sn3GN8mQkj9'];
@@ -512,6 +512,9 @@ async function checkUrl(rawUrl) {
512
512
  const signals = { google_web_risk: webRisk, google_safe_browsing: safeBrowsing, domain_age: domainAge, ssl };
513
513
 
514
514
  const ai = await getAITrustScore(href, hostname, signals);
515
+ // Caching/staleness policy and source-confidence flag (Task 3/4) -- Google Web Risk is the critical source for this server.
516
+ const VERDICT_TTL_CHECK_URL = 3600; // 1 hour -- threat landscape changes fast
517
+ const dataSourceStatus = !webRisk.available ? 'degraded' : (!ai.available ? 'partial' : 'full');
515
518
 
516
519
  // Determine final verdict -- hard overrides
517
520
  let verdict = ai.available ? ai.verdict : 'SUSPICIOUS';
@@ -554,6 +557,8 @@ async function checkUrl(rawUrl) {
554
557
  },
555
558
  checked_at: nowISO(),
556
559
  source_url: 'webrisk.googleapis.com',
560
+ verdict_ttl: VERDICT_TTL_CHECK_URL,
561
+ data_source_status: dataSourceStatus,
557
562
  _disclaimer: LEGAL_DISCLAIMER
558
563
  };
559
564
 
@@ -1032,6 +1037,7 @@ const server = http.createServer(async (req, res) => {
1032
1037
  recordCall(clientIp, apiKey);
1033
1038
  saveFreeTierToRedis().catch(() => {});
1034
1039
  const result = await checkUrl(url);
1040
+ result.calls_remaining = tier.paid ? 'unlimited' : Math.max(0, tier.remaining);
1035
1041
  appendSessionLog(clientIp, 'check_url').catch((e) => console.error('[SessionLog] appendSessionLog failed:', e));
1036
1042
  usageLog.push({ tool: 'check_url', ip: clientIp, tier: tier.paid ? 'paid' : 'free', timestamp: nowISO() });
1037
1043
  toolUsageCounts['check_url'] = (toolUsageCounts['check_url'] || 0) + 1;
package/.claude/settings.local.json DELETED
@@ -1,13 +0,0 @@
1
- {
2
- "permissions": {
3
- "allow": [
4
- "Bash(git add *)",
5
- "Bash(git commit *)",
6
- "Bash(git push *)",
7
- "Bash(railway up *)",
8
- "Bash(curl -sf https://url-safety-validator-mcp-production.up.railway.app/health)",
9
- "Bash(curl -si -X OPTIONS https://url-safety-validator-mcp-production.up.railway.app/health -H \"Origin: https://bizfile.forsenia.in\")",
10
- "Bash(curl -si https://url-safety-validator-mcp-production.up.railway.app/health)"
11
- ]
12
- }
13
- }