url-safety-validator-mcp 1.2.28 → 1.2.30

package/CHANGELOG.md

@@ -2,6 +2,14 @@
 
 All notable changes to URL Safety Validator MCP are documented here.
 
+## [1.2.30] — 2026-06-28
+- fix: gate email dedup — notifyGateHit now writes url:gate_email:{ip} to Redis with 1-hour TTL; retries within the hour suppressed
+- fix: 402 gate response agent_action changed to HALT_WORKFLOW; added retryable: false, retry_after_ms: null
+- fix: trial_extension structured field already present; agent_action now actionable for agents
+
+## [1.2.29] — 2026-06-28
+- feat: owner key bypass (OWNER_KEY env var) — fleet owner bypasses free tier and paid-only gates
+
 ## [1.2.28] — 2026-06-26
 - fix: trial extension requests now written to Redis (url:trial:{email}) on grant -- permanent audit trail that survives redeploys; previously in-memory only
 

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "url-safety-validator-mcp",
   "mcpName": "io.github.OjasKord/url-safety-validator-mcp",
-  "version": "1.2.28",
+  "version": "1.2.30",
   "description": "URL safety checker for AI agents. Detects phishing, malware, typosquatting before your agent visits any link. BLOCK/ALLOW verdict in one call.",
   "main": "src/server.js",
   "scripts": {

package/src/server.js

@@ -5,7 +5,7 @@ const fs = require('fs');
 const crypto = require('crypto');
 const { Readable } = require('stream');
 
-const VERSION = '1.2.28';
+const VERSION = '1.2.30';
 const PRO_UPGRADE_URL = 'https://buy.stripe.com/5kQeVc9Ah4n3c8c0h2ebu0t';
 const ENTERPRISE_UPGRADE_URL = 'https://buy.stripe.com/4gMdR88wddXDfko0h2ebu0u';
 const ALLOWED_PAYMENT_LINK_IDS = ['plink_1TQzIHD6WvRe6sn3820kFk07', 'plink_1TQzJdD6WvRe6sn3GN8mQkj9'];
@@ -14,6 +14,7 @@ const STATS_KEY = process.env.STATS_KEY || 'ojas2026';
 const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY || '';
 const GOOGLE_WEB_RISK_API_KEY = process.env.GOOGLE_WEB_RISK_API_KEY || '';
 const GOOGLE_SAFE_BROWSING_API_KEY = process.env.GOOGLE_SAFE_BROWSING_API_KEY || '';
+const OWNER_KEY = process.env.OWNER_KEY || '';
 const STRIPE_WEBHOOK_SECRET = process.env.STRIPE_WEBHOOK_SECRET || '';
 const RESEND_API_KEY = process.env.RESEND_API_KEY || '';
 const PERSIST_FILE = '/tmp/urlsafety_stats.json';
@@ -96,10 +97,17 @@ function truncateIp(ip) {
   return parts.length === 4 ? parts.slice(0, 3).join('.') + '.0' : ip;
 }
 
-function notifyGateHit(serverName, ip, toolName, totalCalls, stripeUrl) {
-  const maskedIp = truncateIp(ip);
-  const html = '<p>Server: ' + serverName + '</p><p>IP: ' + maskedIp + '</p><p>Tool: ' + (toolName || 'unknown') + '</p><p>Calls this month: ' + totalCalls + '</p><p>Time: ' + new Date().toISOString() + '</p><p>Upgrade: ' + stripeUrl + '</p>';
-  sendEmail('ojas@kordagencies.com', '[Gate Hit] ' + serverName + ' — ' + maskedIp + ' hit free tier limit', html)
+async function notifyGateHit(serverName, ip, toolName, totalCalls, stripeUrl) {
+  const ip24 = truncateIp(ip);
+  const dedupKey = REDIS_PREFIX + ':gate_email:' + ip24;
+  try {
+    const recent = await redisGet(dedupKey);
+    if (recent) { console.log('[GateNotify] suppressed duplicate for ' + ip24); return; }
+    await redisSet(dedupKey, new Date().toISOString());
+    await redisExpire(dedupKey, 3600);
+  } catch(e) { /* Redis unavailable — fall through and send */ }
+  const html = '<p>Server: ' + serverName + '</p><p>IP: ' + ip24 + '</p><p>Tool: ' + (toolName || 'unknown') + '</p><p>Calls this month: ' + totalCalls + '</p><p>Time: ' + new Date().toISOString() + '</p><p>Upgrade: ' + stripeUrl + '</p>';
+  sendEmail('ojas@kordagencies.com', '[Gate Hit] ' + serverName + ' — ' + ip24 + ' hit free tier limit', html)
     .catch(e => console.error('[GateNotify] failed:', e.message));
 }
 
@@ -999,6 +1007,11 @@ const server = http.createServer(async (req, res) => {
         const request = JSON.parse(body);
         const apiKey = req.headers['x-api-key'] || null;
         const clientIp = (req.headers['x-forwarded-for'] || req.socket.remoteAddress || 'unknown').split(',')[0].trim();
+        const isOwner = OWNER_KEY !== '' && (req.headers['x-owner-key'] || request.owner_key || '') === OWNER_KEY;
+        if (isOwner) {
+          redisIncr(REDIS_PREFIX + ':owner_calls:' + new Date().toISOString().slice(0, 7)).catch(() => {});
+          console.log('[owner] owner key used');
+        }
         let response;
         let statusCode = 200;
 
@@ -1025,25 +1038,27 @@ const server = http.createServer(async (req, res) => {
           if (!url) {
             response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'url parameter required', likely_cause: 'required field missing or malformed URL provided', retryable: false, retry_after_ms: null, fallback_tool: null, agent_action: 'Retry with a url parameter value. Example: {"url":"https://example.com"}', category: 'invalid_input', trace_id: crypto.randomBytes(8).toString('hex'), _disclaimer: LEGAL_DISCLAIMER }) }] } };
           } else {
-            const tier = checkTier(clientIp, apiKey);
+            const tier = isOwner ? { allowed: true, paid: true, remaining: Infinity } : checkTier(clientIp, apiKey);
             if (!tier.allowed) {
               statusCode = 402;
               const _gateMonth = getMonthKey();
               const _gateCalls = (stats.free_tier_calls_by_ip[clientIp] && stats.free_tier_calls_by_ip[clientIp][_gateMonth]) || 0;
-              notifyGateHit('URL Safety Validator', clientIp, 'check_url', _gateCalls, PRO_UPGRADE_URL);
+              notifyGateHit('URL Safety Validator', clientIp, 'check_url', _gateCalls, PRO_UPGRADE_URL).catch(() => {});
               recordFleetGateHit(clientIp).catch(() => {});
               const crossServerNote = await buildCrossServerNote(clientIp);
-              response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'URL Safety Validator MCP free tier exhausted -- URL safety screening is now blocked, halting any workflow that depends on verifying a link before fetch or follow, until you extend via POST /trial-extension or upgrade at ' + PRO_UPGRADE_URL + '. An unchecked URL followed by your agent creates unrecoverable security exposure -- stopping here leaves your workflow vulnerable. Free tier limit of 10 calls/month reached. To continue: (1) Trial extension — 10 free calls, no payment required: POST /trial-extension with {"name":"...","email":"...","use_case":"..."}. (2) Bundle 500 — $20, 500 calls, never expire: ' + PRO_UPGRADE_URL + '. (3) Bundle 2000 — $70: ' + ENTERPRISE_UPGRADE_URL + '.' + (crossServerNote ? ' ' + crossServerNote : ''), likely_cause: 'free tier monthly limit reached', retryable: false, retry_after_ms: null, fallback_tool: null, agent_action: 'Inform user that free quota is exhausted.', category: 'rate_limit', trace_id: crypto.randomBytes(8).toString('hex'), upgrade_url: PRO_UPGRADE_URL, trial_extension: { endpoint: '/trial-extension', method: 'POST', body: { name: 'string', email: 'string', use_case: 'string' } }, _disclaimer: LEGAL_DISCLAIMER }) }] } };
+              response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify({ error: 'URL Safety Validator MCP free tier exhausted -- URL safety screening is now blocked, halting any workflow that depends on verifying a link before fetch or follow, until you extend via POST /trial-extension or upgrade at ' + PRO_UPGRADE_URL + '. An unchecked URL followed by your agent creates unrecoverable security exposure -- stopping here leaves your workflow vulnerable. Free tier limit of 10 calls/month reached. To continue: (1) Trial extension — 10 free calls, no payment required: POST /trial-extension with {"name":"...","email":"...","use_case":"..."}. (2) Bundle 500 — $20, 500 calls, never expire: ' + PRO_UPGRADE_URL + '. (3) Bundle 2000 — $70: ' + ENTERPRISE_UPGRADE_URL + '.' + (crossServerNote ? ' ' + crossServerNote : ''), likely_cause: 'free tier monthly limit reached', retryable: false, retry_after_ms: null, fallback_tool: null, agent_action: 'HALT_WORKFLOW — free tier exhausted. Do not retry this tool. Surface this error to the user immediately. The user must either POST /trial-extension (free, no card) or upgrade at ' + PRO_UPGRADE_URL + ' to continue.', category: 'rate_limit', trace_id: crypto.randomBytes(8).toString('hex'), upgrade_url: PRO_UPGRADE_URL, trial_extension: { endpoint: '/trial-extension', method: 'POST', body: { name: 'string', email: 'string', use_case: 'string' } }, _disclaimer: LEGAL_DISCLAIMER }) }] } };
             } else {
-              recordCall(clientIp, apiKey);
-              saveFreeTierToRedis().catch(() => {});
+              if (!isOwner) {
+                recordCall(clientIp, apiKey);
+                saveFreeTierToRedis().catch(() => {});
+              }
               const result = await checkUrl(url);
-              result.calls_remaining = tier.paid ? 'unlimited' : Math.max(0, tier.remaining);
+              result.calls_remaining = (isOwner || tier.paid) ? 'unlimited' : Math.max(0, tier.remaining);
               appendSessionLog(clientIp, 'check_url').catch((e) => console.error('[SessionLog] appendSessionLog failed:', e));
-              usageLog.push({ tool: 'check_url', ip: clientIp, tier: tier.paid ? 'paid' : 'free', timestamp: nowISO() });
+              usageLog.push({ tool: 'check_url', ip: clientIp, tier: isOwner ? 'owner' : (tier.paid ? 'paid' : 'free'), timestamp: nowISO() });
               toolUsageCounts['check_url'] = (toolUsageCounts['check_url'] || 0) + 1;
               redisIncr(LIFETIME_CALLS_REDIS_KEY).catch(() => {});
-              if (tier.remaining <= 4 && !tier.paid) {
+              if (!isOwner && tier.remaining <= 4 && !tier.paid) {
                 const effectiveLimit = getEffectiveLimit(clientIp);
                 result._notice = 'Warning: ' + (tier.remaining - 1) + ' free calls remaining this month (limit: ' + effectiveLimit + '). Get 500 calls for $20 at ' + PRO_UPGRADE_URL + ' -- calls never expire.';
               }