vat-validator-mcp 2.0.10 → 2.0.11

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "vat-validator-mcp",
   "mcpName": "io.github.OjasKord/vat-validator-mcp",
-  "version": "2.0.10",
+  "version": "2.0.11",
   "description": "VAT number validator for AI agents. EU VIES, UK HMRC, AU ABR — auto-detects jurisdiction. Fraud risk scoring and invoice name cross-check in one call.",
   "main": "src/server.js",
   "scripts": {

package/src/server.js

@@ -7,7 +7,7 @@ const Stripe = require('stripe');
 const stripe = Stripe(process.env.STRIPE_SECRET_KEY);
 
 const PERSIST_FILE = '/tmp/vat_stats.json';
-const VERSION = '2.0.10';
+const VERSION = '2.0.11';
 
 // Persistent device ID for HMRC fraud prevention headers (BATCH_PROCESS_DIRECT)
 const DEVICE_ID_FILE = path.join(__dirname, '..', 'device-id.txt');

package/patch_vat_v134.js

@@ -1,84 +0,0 @@
-const fs = require('fs');
-let c = fs.readFileSync('C:/vat-validator-mcp/src/server.js', 'utf8');
-
-console.log('File size:', c.length);
-console.log('Has vat_stats:', c.includes('vat_stats'));
-console.log('Version 1.3.2:', c.includes('1.3.2'));
-console.log('Has validate_vat:', c.includes('validate_vat'));
-
-if (!c.includes('vat_stats')) {
-  console.error('ERROR: Wrong file');
-  process.exit(1);
-}
-
-// 1. Add FREE_TIER_WARNING constant
-c = c.replace(
-  'const FREE_TIER_LIMIT = 20;',
-  'const FREE_TIER_LIMIT = 20;\nconst FREE_TIER_WARNING = 16; // warn at 80% usage'
-);
-
-// 2. Bump version to 1.4.0
-c = c.replace(/1\.3\.2/g, '1.4.0');
-
-// 3. Add partial response logic in tools/call handler
-// Find the existing tools/call result handling
-const oldResult = `          const result = await executeTool(name, toolArgs || {});
-          if (req._accessWarning) result._notice = req._accessWarning;
-          response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] } };`;
-
-const newResult = `          const result = await executeTool(name, toolArgs || {});
-          if (req._accessWarning) result._notice = req._accessWarning;
-
-          // Partial response for free tier
-          if (req._tier === 'free' && !result.error) {
-            const ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress || 'unknown';
-            const used = freeTierUsage.get(ip) || 0;
-            const remaining = FREE_TIER_LIMIT - used;
-            const isWarning = used >= FREE_TIER_WARNING;
-
-            if (name === 'validate_vat' || name === 'validate_uk_vat') {
-              // Gate address on free tier — company name + valid status visible
-              const gated = ['registered_address', 'address', 'consultation_number'];
-              gated.forEach(f => delete result[f]);
-              result._upgrade_note = 'Free tier: ' + remaining + ' of ' + FREE_TIER_LIMIT + ' calls remaining. Upgrade to Pro ($39/month) at kordagencies.com for full registered address and HMRC consultation number.';
-              result._gated_fields = gated;
-            }
-
-            if (name === 'analyse_vat_risk') {
-              // Gate full reasoning — verdict visible, details gated
-              const gated = ['fraud_signals', 'positive_indicators', 'recommended_action', 'summary'];
-              gated.forEach(f => delete result[f]);
-              result._upgrade_note = 'Free tier: ' + remaining + ' of ' + FREE_TIER_LIMIT + ' calls remaining. Upgrade to Pro ($39/month) at kordagencies.com for full fraud signal breakdown, positive indicators, and recommended action.';
-              result._gated_fields = gated;
-            }
-
-            if (name === 'compare_invoice_details') {
-              // Gate detail fields — match_status visible, discrepancies gated
-              const gated = ['discrepancies', 'name_match', 'address_match', 'recommended_action', 'summary'];
-              gated.forEach(f => delete result[f]);
-              result._upgrade_note = 'Free tier: ' + remaining + ' of ' + FREE_TIER_LIMIT + ' calls remaining. Upgrade to Pro ($39/month) at kordagencies.com for full discrepancy analysis and recommended action.';
-              result._gated_fields = gated;
-            }
-
-            if (isWarning) result._notice = 'Warning: only ' + remaining + ' free call' + (remaining === 1 ? '' : 's') + ' left this month. Upgrade to Pro at kordagencies.com to avoid interruption.';
-          }
-
-          response = { jsonrpc: '2.0', id: request.id, result: { content: [{ type: 'text', text: JSON.stringify(result, null, 2) }] } };`;
-
-if (!c.includes(oldResult)) {
-  console.error('ERROR: Could not find tool call handler');
-  const idx = c.indexOf('executeTool(name');
-  console.log('executeTool at:', idx);
-  console.log('Context:', c.substring(idx - 20, idx + 150));
-  process.exit(1);
-}
-
-c = c.replace(oldResult, newResult);
-
-console.log('FREE_TIER_WARNING:', c.includes('FREE_TIER_WARNING'));
-console.log('Version 1.4.0:', c.includes('1.4.0'));
-console.log('Partial response:', c.includes('_upgrade_note'));
-console.log('New size:', c.length);
-
-fs.writeFileSync('C:/vat-validator-mcp/src/server.js', c);
-console.log('Done');

package/privacy.html

@@ -1,501 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Privacy Policy — Kord Agencies</title>
-  <link rel="preconnect" href="https://fonts.googleapis.com">
-  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-  <link href="https://fonts.googleapis.com/css2?family=DM+Mono:ital,wght@0,300;0,400;0,500;1,300;1,400&display=swap" rel="stylesheet">
-  <style>
-    *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
-
-    :root {
-      --bg:        #070910;
-      --bg-2:      #0C1018;
-      --bg-3:      #111722;
-      --teal:      #00E5C3;
-      --amber:     #F0A030;
-      --text:      #E2E8F2;
-      --text-2:    #8895AA;
-      --text-3:    #505A6A;
-      --border:    rgba(255,255,255,0.06);
-      --border-2:  rgba(255,255,255,0.12);
-      --teal-dim:  rgba(0,229,195,0.08);
-      --teal-border: rgba(0,229,195,0.25);
-    }
-
-    html { font-size: 14px; }
-
-    body {
-      background: var(--bg);
-      color: var(--text);
-      font-family: 'DM Mono', monospace;
-      line-height: 1.7;
-      min-height: 100vh;
-    }
-
-    /* ── Nav ── */
-    nav {
-      height: 44px;
-      border-bottom: 1px solid var(--border);
-      display: flex;
-      align-items: center;
-      padding: 0 1.5rem;
-      position: sticky;
-      top: 0;
-      background: var(--bg);
-      z-index: 10;
-    }
-    nav a {
-      color: var(--teal);
-      text-decoration: none;
-      font-size: 11px;
-      letter-spacing: 0.1em;
-      text-transform: uppercase;
-    }
-    nav .sep {
-      color: var(--text-3);
-      margin: 0 0.6rem;
-      font-size: 11px;
-    }
-    nav .current {
-      color: var(--text-2);
-      font-size: 11px;
-      letter-spacing: 0.05em;
-    }
-
-    /* ── Layout ── */
-    .wrap {
-      max-width: 780px;
-      margin: 0 auto;
-      padding: 3rem 1.5rem 5rem;
-    }
-
-    /* ── Header ── */
-    .page-header {
-      border-bottom: 1px solid var(--border);
-      padding-bottom: 2rem;
-      margin-bottom: 2.5rem;
-    }
-    .label {
-      font-size: 10px;
-      letter-spacing: 0.15em;
-      text-transform: uppercase;
-      color: var(--teal);
-      margin-bottom: 0.75rem;
-    }
-    h1 {
-      font-size: 1.4rem;
-      font-weight: 400;
-      color: var(--text);
-      letter-spacing: -0.01em;
-      margin-bottom: 0.75rem;
-    }
-    .meta {
-      font-size: 11px;
-      color: var(--text-3);
-      letter-spacing: 0.05em;
-    }
-    .meta span { color: var(--text-2); }
-
-    /* ── Sections ── */
-    section {
-      margin-bottom: 2.5rem;
-      padding-bottom: 2.5rem;
-      border-bottom: 1px solid var(--border);
-    }
-    section:last-of-type {
-      border-bottom: none;
-    }
-    h2 {
-      font-size: 11px;
-      font-weight: 500;
-      letter-spacing: 0.12em;
-      text-transform: uppercase;
-      color: var(--teal);
-      margin-bottom: 1rem;
-    }
-    p {
-      font-size: 13px;
-      color: var(--text-2);
-      margin-bottom: 0.9rem;
-      line-height: 1.75;
-    }
-    p:last-child { margin-bottom: 0; }
-
-    /* ── Callout box ── */
-    .callout {
-      background: var(--teal-dim);
-      border: 1px solid var(--teal-border);
-      border-radius: 4px;
-      padding: 1rem 1.25rem;
-      margin: 1.25rem 0;
-      font-size: 12px;
-      color: var(--text);
-      line-height: 1.7;
-    }
-    .callout strong {
-      color: var(--teal);
-      font-weight: 500;
-    }
-
-    /* ── Data table ── */
-    .data-table {
-      width: 100%;
-      border-collapse: collapse;
-      font-size: 12px;
-      margin: 1rem 0;
-    }
-    .data-table th {
-      text-align: left;
-      font-size: 10px;
-      letter-spacing: 0.1em;
-      text-transform: uppercase;
-      color: var(--text-3);
-      padding: 0.5rem 0.75rem;
-      border-bottom: 1px solid var(--border-2);
-      font-weight: 400;
-    }
-    .data-table td {
-      padding: 0.65rem 0.75rem;
-      border-bottom: 1px solid var(--border);
-      color: var(--text-2);
-      vertical-align: top;
-    }
-    .data-table tr:last-child td { border-bottom: none; }
-    .data-table td:first-child { color: var(--text); }
-    .tag {
-      display: inline-block;
-      font-size: 9px;
-      letter-spacing: 0.1em;
-      text-transform: uppercase;
-      padding: 2px 6px;
-      border-radius: 3px;
-      font-weight: 500;
-    }
-    .tag-no  { background: rgba(248,113,113,0.1); color: #F87171; border: 1px solid rgba(248,113,113,0.2); }
-    .tag-yes { background: rgba(0,229,195,0.1);   color: var(--teal); border: 1px solid var(--teal-border); }
-    .tag-ltd { background: rgba(240,160,48,0.1);  color: var(--amber); border: 1px solid rgba(240,160,48,0.2); }
-
-    /* ── Inline list ── */
-    ul.plain {
-      list-style: none;
-      margin: 0.5rem 0 0.9rem;
-      padding: 0;
-    }
-    ul.plain li {
-      font-size: 13px;
-      color: var(--text-2);
-      padding: 0.3rem 0;
-      padding-left: 1rem;
-      position: relative;
-    }
-    ul.plain li::before {
-      content: '—';
-      position: absolute;
-      left: 0;
-      color: var(--text-3);
-    }
-
-    /* ── Contact block ── */
-    .contact-block {
-      background: var(--bg-2);
-      border: 1px solid var(--border-2);
-      border-radius: 4px;
-      padding: 1.25rem;
-      font-size: 12px;
-      color: var(--text-2);
-      line-height: 1.9;
-    }
-    .contact-block a {
-      color: var(--teal);
-      text-decoration: none;
-    }
-    .contact-block a:hover { text-decoration: underline; }
-    .contact-block .field {
-      display: flex;
-      gap: 1rem;
-    }
-    .contact-block .field-label {
-      color: var(--text-3);
-      font-size: 10px;
-      letter-spacing: 0.1em;
-      text-transform: uppercase;
-      min-width: 80px;
-      padding-top: 1px;
-    }
-
-    /* ── Footer ── */
-    footer {
-      border-top: 1px solid var(--border);
-      padding: 1.5rem;
-      text-align: center;
-      font-size: 11px;
-      color: var(--text-3);
-      letter-spacing: 0.05em;
-    }
-    footer a { color: var(--text-3); text-decoration: none; }
-    footer a:hover { color: var(--text-2); }
-  </style>
-</head>
-<body>
-
-  <nav>
-    <a href="https://kordagencies.com">kordagencies.com</a>
-    <span class="sep">/</span>
-    <span class="current">Privacy Policy</span>
-  </nav>
-
-  <div class="wrap">
-
-    <div class="page-header">
-      <div class="label">Legal</div>
-      <h1>Privacy Policy</h1>
-      <div class="meta">
-        Kord Agencies &nbsp;·&nbsp; <span>Last updated May 2026</span>
-      </div>
-    </div>
-
-    <!-- 1 -->
-    <section>
-      <h2>Who we are</h2>
-      <p>
-        This policy applies to VAT Validator MCP and all services operated by
-        <strong style="color:var(--text)">Kord Agencies</strong>, a company incorporated in Singapore.
-      </p>
-      <div class="contact-block">
-        <div class="field"><span class="field-label">Company</span> Kord Agencies, Singapore</div>
-        <div class="field"><span class="field-label">Contact</span> <a href="mailto:ojas@kordagencies.com">ojas@kordagencies.com</a></div>
-        <div class="field"><span class="field-label">Service</span> VAT Validator MCP — <a href="https://kordagencies.com">kordagencies.com</a></div>
-      </div>
-    </section>
-
-    <!-- 2 -->
-    <section>
-      <h2>What we collect</h2>
-
-      <div class="callout">
-        <strong>VAT numbers you submit are never logged or stored.</strong> Query content — the VAT numbers, company names, and invoice amounts passed to our tools — is transmitted to the relevant government API and immediately discarded. It does not touch our database.
-      </div>
-
-      <table class="data-table">
-        <thead>
-          <tr>
-            <th>Data</th>
-            <th>Why</th>
-            <th>Stored</th>
-          </tr>
-        </thead>
-        <tbody>
-          <tr>
-            <td>Email address</td>
-            <td>Paid subscribers only — to deliver your API key</td>
-            <td><span class="tag tag-yes">Yes</span></td>
-          </tr>
-          <tr>
-            <td>Payment information</td>
-            <td>Processed by Stripe — we never see raw card data</td>
-            <td><span class="tag tag-no">Stripe only</span></td>
-          </tr>
-          <tr>
-            <td>API key</td>
-            <td>Authentication and usage tracking for paid plans</td>
-            <td><span class="tag tag-yes">Yes</span></td>
-          </tr>
-          <tr>
-            <td>IP address</td>
-            <td>Free tier rate limiting (50 calls/month/IP). Stored as truncated hash, not full address.</td>
-            <td><span class="tag tag-ltd">Truncated</span></td>
-          </tr>
-          <tr>
-            <td>Tool name + timestamp</td>
-            <td>Aggregate usage statistics (e.g. "validate_vat called at 14:22"). No query content.</td>
-            <td><span class="tag tag-ltd">Aggregate</span></td>
-          </tr>
-          <tr>
-            <td>VAT numbers / query content</td>
-            <td>Not applicable — not collected</td>
-            <td><span class="tag tag-no">Never</span></td>
-          </tr>
-        </tbody>
-      </table>
-    </section>
-
-    <!-- 3 -->
-    <section>
-      <h2>Where data is stored</h2>
-      <p>
-        Subscriber API keys and rate-limiting counters are stored in
-        <strong style="color:var(--text)">Upstash Redis</strong> (hosted in the United States).
-        The application itself runs on <strong style="color:var(--text)">Railway</strong>
-        (hosted in the United States). Both providers maintain industry-standard
-        encryption at rest and in transit.
-      </p>
-      <p>
-        We do not operate our own database servers. No data is stored in Singapore.
-      </p>
-    </section>
-
-    <!-- 4 -->
-    <section>
-      <h2>Third-party services</h2>
-      <p>
-        When you call our tools, your VAT number is forwarded to the relevant official
-        government registry to perform the lookup. These are read-only API calls — no
-        personal data about you is sent to them.
-      </p>
-      <table class="data-table">
-        <thead>
-          <tr>
-            <th>Third party</th>
-            <th>Purpose</th>
-            <th>Data sent</th>
-          </tr>
-        </thead>
-        <tbody>
-          <tr>
-            <td>Stripe</td>
-            <td>Payment processing and subscription management</td>
-            <td>Name, email, card details (handled entirely by Stripe)</td>
-          </tr>
-          <tr>
-            <td>UK HMRC VAT API v2</td>
-            <td>UK VAT number validation</td>
-            <td>VAT number only</td>
-          </tr>
-          <tr>
-            <td>EU VIES (ec.europa.eu)</td>
-            <td>EU VAT number validation (all 27 member states)</td>
-            <td>VAT number only</td>
-          </tr>
-          <tr>
-            <td>Australian ABR (abr.business.gov.au)</td>
-            <td>Australian ABN validation</td>
-            <td>ABN only</td>
-          </tr>
-          <tr>
-            <td>Anthropic (Claude API)</td>
-            <td>AI-powered fraud risk analysis</td>
-            <td>Validation result metadata — no raw VAT numbers or personal data</td>
-          </tr>
-          <tr>
-            <td>Upstash Redis</td>
-            <td>API key storage and rate limiting</td>
-            <td>API keys and truncated IP counters</td>
-          </tr>
-          <tr>
-            <td>Railway</td>
-            <td>Application hosting</td>
-            <td>Application logs (no query content)</td>
-          </tr>
-        </tbody>
-      </table>
-    </section>
-
-    <!-- 5 -->
-    <section>
-      <h2>Legal basis and UK GDPR</h2>
-      <p>
-        Where we process personal data relating to individuals in the UK or EEA, we do so
-        under the following legal bases:
-      </p>
-      <ul class="plain">
-        <li><strong style="color:var(--text)">Contract performance</strong> — processing your email and API key to deliver the service you subscribed to.</li>
-        <li><strong style="color:var(--text)">Legitimate interests</strong> — rate limiting by truncated IP address to prevent abuse of the free tier.</li>
-        <li><strong style="color:var(--text)">Legal obligation</strong> — retaining transaction records as required for tax compliance.</li>
-      </ul>
-      <p>
-        We comply with the UK General Data Protection Regulation (UK GDPR) and the
-        Data Protection Act 2018. For EEA residents, we comply with EU GDPR (Regulation
-        2016/679). Transfers of personal data to the United States (Upstash, Railway,
-        Anthropic) are made under Standard Contractual Clauses or equivalent adequacy
-        mechanisms.
-      </p>
-    </section>
-
-    <!-- 6 -->
-    <section>
-      <h2>Data retention</h2>
-      <ul class="plain">
-        <li>API keys and associated email addresses are retained for the lifetime of the subscription plus 90 days, then deleted.</li>
-        <li>Truncated IP rate-limit counters reset automatically each calendar month.</li>
-        <li>Aggregate tool usage statistics (tool name + timestamp, no content) are retained for up to 12 months for service improvement.</li>
-        <li>Stripe retains payment records in accordance with their own privacy policy and applicable financial regulations.</li>
-      </ul>
-    </section>
-
-    <!-- 7 -->
-    <section>
-      <h2>Your rights</h2>
-      <p>
-        Under UK GDPR and EU GDPR, you have the right to access, rectify, or erase
-        personal data we hold about you. You also have the right to restrict or object
-        to processing, and to data portability where applicable.
-      </p>
-      <p>
-        To exercise any of these rights — including requesting deletion of your API key
-        and associated email — contact us at:
-      </p>
-      <div class="contact-block" style="margin-top:0.75rem">
-        <div class="field">
-          <span class="field-label">Email</span>
-          <a href="mailto:ojas@kordagencies.com">ojas@kordagencies.com</a>
-        </div>
-        <div class="field">
-          <span class="field-label">Response</span>
-          Within 30 days of receipt
-        </div>
-      </div>
-      <p style="margin-top:1rem">
-        If you are located in the UK, you have the right to lodge a complaint with the
-        Information Commissioner's Office (ICO) at
-        <a href="https://ico.org.uk" style="color:var(--teal)">ico.org.uk</a>.
-        If you are in the EEA, you may contact your local supervisory authority.
-      </p>
-    </section>
-
-    <!-- 8 -->
-    <section>
-      <h2>Cookies and tracking</h2>
-      <p>
-        The VAT Validator MCP API does not use cookies, browser tracking, analytics
-        scripts, or fingerprinting of any kind. This privacy policy page itself does not
-        set any cookies.
-      </p>
-    </section>
-
-    <!-- 9 -->
-    <section>
-      <h2>Changes to this policy</h2>
-      <p>
-        We may update this policy from time to time. The date at the top of this page
-        reflects when it was last revised. Material changes will be communicated to
-        active subscribers by email.
-      </p>
-    </section>
-
-    <!-- 10 -->
-    <section>
-      <h2>Contact</h2>
-      <div class="contact-block">
-        <div class="field"><span class="field-label">Company</span> Kord Agencies, Singapore</div>
-        <div class="field"><span class="field-label">Email</span> <a href="mailto:ojas@kordagencies.com">ojas@kordagencies.com</a></div>
-        <div class="field"><span class="field-label">Website</span> <a href="https://kordagencies.com">kordagencies.com</a></div>
-      </div>
-    </section>
-
-  </div><!-- /wrap -->
-
-  <footer>
-    <a href="https://kordagencies.com">kordagencies.com</a>
-    &nbsp;·&nbsp;
-    <a href="https://kordagencies.com/terms.html">Terms</a>
-    &nbsp;·&nbsp;
-    Privacy Policy
-    &nbsp;·&nbsp;
-    &copy; 2026 Kord Agencies
-  </footer>
-
-</body>
-</html>