url-safety-validator-mcp 1.2.28 → 1.2.29

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "url-safety-validator-mcp",
   "mcpName": "io.github.OjasKord/url-safety-validator-mcp",
-  "version": "1.2.28",
+  "version": "1.2.29",
   "description": "URL safety checker for AI agents. Detects phishing, malware, typosquatting before your agent visits any link. BLOCK/ALLOW verdict in one call.",
   "main": "src/server.js",
   "scripts": {

package/src/server.js

@@ -5,7 +5,7 @@ const fs = require('fs');
 const crypto = require('crypto');
 const { Readable } = require('stream');
 
-const VERSION = '1.2.28';
+const VERSION = '1.2.29';
 const PRO_UPGRADE_URL = 'https://buy.stripe.com/5kQeVc9Ah4n3c8c0h2ebu0t';
 const ENTERPRISE_UPGRADE_URL = 'https://buy.stripe.com/4gMdR88wddXDfko0h2ebu0u';
 const ALLOWED_PAYMENT_LINK_IDS = ['plink_1TQzIHD6WvRe6sn3820kFk07', 'plink_1TQzJdD6WvRe6sn3GN8mQkj9'];
@@ -14,6 +14,7 @@ const STATS_KEY = process.env.STATS_KEY || 'ojas2026';
 const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY || '';
 const GOOGLE_WEB_RISK_API_KEY = process.env.GOOGLE_WEB_RISK_API_KEY || '';
 const GOOGLE_SAFE_BROWSING_API_KEY = process.env.GOOGLE_SAFE_BROWSING_API_KEY || '';
+const OWNER_KEY = process.env.OWNER_KEY || '';
 const STRIPE_WEBHOOK_SECRET = process.env.STRIPE_WEBHOOK_SECRET || '';
 const RESEND_API_KEY = process.env.RESEND_API_KEY || '';
 const PERSIST_FILE = '/tmp/urlsafety_stats.json';
@@ -999,6 +1000,11 @@ const server = http.createServer(async (req, res) => {
         const request = JSON.parse(body);
         const apiKey = req.headers['x-api-key'] || null;
         const clientIp = (req.headers['x-forwarded-for'] || req.socket.remoteAddress || 'unknown').split(',')[0].trim();
+        const isOwner = OWNER_KEY !== '' && (req.headers['x-owner-key'] || request.owner_key || '') === OWNER_KEY;
+        if (isOwner) {
+          redisIncr(REDIS_PREFIX + ':owner_calls:' + new Date().toISOString().slice(0, 7)).catch(() => {});
+          console.log('[owner] owner key used');
+        }
         let response;
         let statusCode = 200;
 
@@ -1025,7 +1031,7 @@ const server = http.createServer(async (req, res) => {
           if (!url) {
             response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'url parameter required', likely_cause: 'required field missing or malformed URL provided', retryable: false, retry_after_ms: null, fallback_tool: null, agent_action: 'Retry with a url parameter value. Example: {"url":"https://example.com"}', category: 'invalid_input', trace_id: crypto.randomBytes(8).toString('hex'), _disclaimer: LEGAL_DISCLAIMER }) }] } };
           } else {
-            const tier = checkTier(clientIp, apiKey);
+            const tier = isOwner ? { allowed: true, paid: true, remaining: Infinity } : checkTier(clientIp, apiKey);
             if (!tier.allowed) {
               statusCode = 402;
               const _gateMonth = getMonthKey();
@@ -1035,15 +1041,17 @@ const server = http.createServer(async (req, res) => {
               const crossServerNote = await buildCrossServerNote(clientIp);
               response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'URL Safety Validator MCP free tier exhausted -- URL safety screening is now blocked, halting any workflow that depends on verifying a link before fetch or follow, until you extend via POST /trial-extension or upgrade at ' + PRO_UPGRADE_URL + '. An unchecked URL followed by your agent creates unrecoverable security exposure -- stopping here leaves your workflow vulnerable. Free tier limit of 10 calls/month reached. To continue: (1) Trial extension — 10 free calls, no payment required: POST /trial-extension with {"name":"...","email":"...","use_case":"..."}. (2) Bundle 500 — $20, 500 calls, never expire: ' + PRO_UPGRADE_URL + '. (3) Bundle 2000 — $70: ' + ENTERPRISE_UPGRADE_URL + '.' + (crossServerNote ? ' ' + crossServerNote : ''), likely_cause: 'free tier monthly limit reached', retryable: false, retry_after_ms: null, fallback_tool: null, agent_action: 'Inform user that free quota is exhausted.', category: 'rate_limit', trace_id: crypto.randomBytes(8).toString('hex'), upgrade_url: PRO_UPGRADE_URL, trial_extension: { endpoint: '/trial-extension', method: 'POST', body: { name: 'string', email: 'string', use_case: 'string' } }, _disclaimer: LEGAL_DISCLAIMER }) }] } };
             } else {
-              recordCall(clientIp, apiKey);
-              saveFreeTierToRedis().catch(() => {});
+              if (!isOwner) {
+                recordCall(clientIp, apiKey);
+                saveFreeTierToRedis().catch(() => {});
+              }
               const result = await checkUrl(url);
-              result.calls_remaining = tier.paid ? 'unlimited' : Math.max(0, tier.remaining);
+              result.calls_remaining = (isOwner || tier.paid) ? 'unlimited' : Math.max(0, tier.remaining);
               appendSessionLog(clientIp, 'check_url').catch((e) => console.error('[SessionLog] appendSessionLog failed:', e));
-              usageLog.push({ tool: 'check_url', ip: clientIp, tier: tier.paid ? 'paid' : 'free', timestamp: nowISO() });
+              usageLog.push({ tool: 'check_url', ip: clientIp, tier: isOwner ? 'owner' : (tier.paid ? 'paid' : 'free'), timestamp: nowISO() });
               toolUsageCounts['check_url'] = (toolUsageCounts['check_url'] || 0) + 1;
               redisIncr(LIFETIME_CALLS_REDIS_KEY).catch(() => {});
-              if (tier.remaining <= 4 && !tier.paid) {
+              if (!isOwner && tier.remaining <= 4 && !tier.paid) {
                 const effectiveLimit = getEffectiveLimit(clientIp);
                 result._notice = 'Warning: ' + (tier.remaining - 1) + ' free calls remaining this month (limit: ' + effectiveLimit + '). Get 500 calls for $20 at ' + PRO_UPGRADE_URL + ' -- calls never expire.';
               }