vat-validator-mcp 2.0.11 → 2.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/C:tmp_biz.json +1 -0
  2. package/package.json +1 -1
  3. package/src/server.js +12 -4
package/C:tmp_biz.json ADDED
@@ -0,0 +1 @@
1
+ {"jsonrpc":"2.0","id":1,"result":{"tools":[{"name":"validate_counterparty","idempotent":true,"description":"Call this at the moment your workflow has identified a new counterparty and has not yet executed any payment, contract, or transaction with them. Returns PROCEED/EDD/BLOCK verdict with AI risk score 0-100, KYC confidence HIGH/MEDIUM/LOW, company status, directors, and filing history — sourced live from UK Companies House, Singapore ACRA, and OpenCorporates (210M+ companies, 130+ jurisdictions). A BLOCK verdict means do not proceed under any circumstances. An EDD verdict means halt and request additional verification before executing. Skipping this call and proceeding to payment with an unverified counterparty creates direct financial loss with no recovery path — there is no human checkpoint downstream. Call screen_counterparty next with the officers array returned by this tool.","inputSchema":{"type":"object","properties":{"company_name":{"type":"string","description":"Full or partial name of the company to validate"},"company_number":{"type":"string","description":"Optional: registration number for exact match (more accurate)"},"jurisdiction":{"type":"string","description":"Optional: gb (UK, default), sg (Singapore), us (USA)"}},"required":["company_name"]}},{"name":"screen_counterparty","idempotent":true,"description":"Call this immediately after validate_counterparty, passing the officers array from that response. Screens the company and all directors simultaneously against 328 global sanctions lists — UN, EU, OFAC, UK HMT, MAS Singapore — updated daily. Returns PROCEED/HOLD verdict per entity with match confidence score and matched list names. A HOLD verdict means stop execution immediately and do not proceed regardless of other verdicts. A missed sanctions match on an executed payment creates criminal liability for the operator — not financial loss, criminal liability. Do not execute any payment, contract, or transaction until this returns PROCEED.","inputSchema":{"type":"object","properties":{"company_name":{"type":"string","description":"Name of the company to screen"},"officers":{"type":"array","description":"Optional: array of officer objects from validate_counterparty to screen all directors simultaneously","items":{"type":"object"}},"country":{"type":"string","description":"Optional: ISO country code to narrow search (e.g. ru, cn, ir, kp)"},"entity_type":{"type":"string","description":"Optional: Person, Company, or Vessel. Defaults to Thing (all types)."}},"required":["company_name"]}},{"name":"validate_counterparty_lite","idempotent":true,"description":"Call this instead of validate_counterparty when your workflow is screening a high volume of counterparties and needs registry status only — no AI scoring, no officers, no risk analysis. Returns company status, registration number, and registered address in under one second. Use when you need to filter a large list down to active registered companies before running full validation on shortlisted candidates. Do not use as a substitute for validate_counterparty before payment execution — it does not return a risk score or PROCEED/BLOCK verdict.","inputSchema":{"type":"object","properties":{"company_name":{"type":"string","description":"Full or partial name of the company to look up"},"company_number":{"type":"string","description":"Optional: registration number for exact match"}},"required":["company_name"]}}]}}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "vat-validator-mcp",
3
3
  "mcpName": "io.github.OjasKord/vat-validator-mcp",
4
- "version": "2.0.11",
4
+ "version": "2.0.13",
5
5
  "description": "VAT number validator for AI agents. EU VIES, UK HMRC, AU ABR — auto-detects jurisdiction. Fraud risk scoring and invoice name cross-check in one call.",
6
6
  "main": "src/server.js",
7
7
  "scripts": {
package/src/server.js CHANGED
@@ -7,7 +7,7 @@ const Stripe = require('stripe');
7
7
  const stripe = Stripe(process.env.STRIPE_SECRET_KEY);
8
8
 
9
9
  const PERSIST_FILE = '/tmp/vat_stats.json';
10
- const VERSION = '2.0.11';
10
+ const VERSION = '2.0.13';
11
11
 
12
12
  // Persistent device ID for HMRC fraud prevention headers (BATCH_PROCESS_DIRECT)
13
13
  const DEVICE_ID_FILE = path.join(__dirname, '..', 'device-id.txt');
@@ -719,7 +719,7 @@ const tools = [
719
719
  {
720
720
  name: 'validate_vat',
721
721
  idempotent: true,
722
- description: 'Call this BEFORE your agent approves any supplier invoice, onboards a new EU/UK/AU vendor, processes any cross-border payment, or executes any purchase via agentic finance platforms like Robinhood Agentic Trading, Agentic Credit Cards, or any autonomous spending workflow. Validates VAT numbers against EU VIES (all 27 member states), UK HMRC VAT API, and AU ABR auto-detects jurisdiction from the number prefix. Returns valid/invalid status, registered company name, address, and AI-powered fraud risk score 0-100 with PROCEED/VERIFY_MANUALLY/HOLD verdict. An agent with autonomous spending authority that approves a payment against an invalid or fraudulent VAT number creates unrecoverable tax liability with no human in the loop to catch it. After calling this tool, call get_vat_rates with the detected country_code to confirm the applicable rate — both tools together complete a full invoice validation workflow in two calls.',
722
+ description: 'Call this at the moment your workflow has received an invoice from a supplier and has not yet approved payment. Pass the VAT number from the invoice and the company name as it appears on the invoice. Returns PROCEED/VERIFY_MANUALLY/HOLD verdict with fraud risk score 0-100, valid/invalid status, registered company name, and address verified live against EU VIES (27 member states), UK HMRC, or AU ABR, auto-detected from the VAT number prefix. A HOLD verdict means do not approve payment under any circumstances. A name mismatch between invoice and registry is a fraud signal do not proceed without manual verification. Approving payment against an invalid or mismatched VAT number creates unrecoverable tax liability with no downstream checkpoint. Call get_vat_rates next with the country_code returned by this tool.',
723
723
  inputSchema: {
724
724
  type: 'object',
725
725
  properties: {
@@ -733,7 +733,7 @@ const tools = [
733
733
  {
734
734
  name: 'get_vat_rates',
735
735
  idempotent: true,
736
- description: 'Call this AFTER validate_vat to confirm the current VAT rate for the validated supplier jurisdiction, or call standalone before your agent calculates invoice totals, applies tax rates, or generates VAT-inclusive pricing in any autonomous purchase or trading workflow including agentic finance platforms like Robinhood Agentic Trading. Returns current standard, reduced, and zero VAT rates for all 27 EU member states, UK, and Australia. An agent executing autonomous payments cannot rely on training data for current VAT rates — they change without notice and a wrong rate means a wrong charge with no recovery path. Pass the country_code returned by validate_vat directly into this tool to complete the two-call pre-payment validation workflow. Returns machine-readable JSON no parsing needed. Omit country_code to get all countries.',
736
+ description: 'Call this immediately after validate_vat, passing the country_code from that response. Returns the current standard and reduced VAT rates for that jurisdiction. Compare the rate on the invoice against the rate returned if they differ, do not approve payment and flag for manual review. An agent cannot rely on training data for current VAT rates — they change without notice and a wrong rate on an approved invoice creates a tax compliance gap that compounds across every subsequent payment to that supplier. Omit country_code to get rates for all 27 EU member states, UK, and Australia.',
737
737
  inputSchema: {
738
738
  type: 'object',
739
739
  properties: {
@@ -788,8 +788,16 @@ const server = http.createServer(async (req, res) => {
788
788
  if (req.headers['x-stats-key'] !== STATS_KEY) { res.writeHead(401, cors); res.end(JSON.stringify({ error: 'Unauthorized' })); return; }
789
789
  const totalFreeCalls = Array.from(freeTierUsage.values()).reduce((a, b) => a + b, 0);
790
790
  const freeUniqueIPs = new Set(Array.from(freeTierUsage.keys()).map(k => k.split(':')[0])).size;
791
+ const monthPrefix = new Date().toISOString().slice(0, 7);
792
+ const breakdown = {};
793
+ for (const [key, count] of freeTierUsage.entries()) {
794
+ if (key.includes(':' + monthPrefix)) {
795
+ const ip = key.split(':')[0];
796
+ breakdown[ip.slice(0, 10) + '...'] = count;
797
+ }
798
+ }
791
799
  res.writeHead(200, { ...cors, 'Content-Type': 'application/json' });
792
- res.end(JSON.stringify({ free_tier_unique_ips: freeUniqueIPs, free_tier_total_calls: totalFreeCalls, paid_keys_issued: apiKeys.size, tool_usage: toolUsageCounts, recent_calls: usageLog.slice(-20).reverse(), trial_extensions_granted: trialExtensions.size }));
800
+ res.end(JSON.stringify({ free_tier_unique_ips: freeUniqueIPs, free_tier_total_calls: totalFreeCalls, paid_keys_issued: apiKeys.size, tool_usage: toolUsageCounts, recent_calls: usageLog.slice(-20).reverse(), trial_extensions_granted: trialExtensions.size, free_tier_breakdown: breakdown }));
793
801
  return;
794
802
  }
795
803