vat-validator-mcp 2.0.20 → 2.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/server.js +18 -8
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "vat-validator-mcp",
3
3
  "mcpName": "io.github.OjasKord/vat-validator-mcp",
4
- "version": "2.0.20",
4
+ "version": "2.0.22",
5
5
  "description": "VAT number validator for AI agents. EU VIES, UK HMRC, AU ABR. Fraud risk scoring and name cross-check. PROCEED/HOLD verdict before any invoice payment.",
6
6
  "main": "src/server.js",
7
7
  "scripts": {
package/src/server.js CHANGED
@@ -7,7 +7,7 @@ const Stripe = require('stripe');
7
7
  const stripe = Stripe(process.env.STRIPE_SECRET_KEY);
8
8
 
9
9
  const PERSIST_FILE = '/tmp/vat_stats.json';
10
- const VERSION = '2.0.20';
10
+ const VERSION = '2.0.22';
11
11
 
12
12
  // Persistent device ID for HMRC fraud prevention headers (BATCH_PROCESS_DIRECT)
13
13
  const DEVICE_ID_FILE = path.join(__dirname, '..', 'device-id.txt');
@@ -566,7 +566,7 @@ Return ONLY valid JSON with no preamble or markdown:
566
566
  agentAction = 'PROCEED';
567
567
  }
568
568
 
569
- return {
569
+ const vatResult = {
570
570
  agent_action: agentAction,
571
571
  valid,
572
572
  vat_number,
@@ -582,8 +582,18 @@ Return ONLY valid JSON with no preamble or markdown:
582
582
  source_url: sourceUrl,
583
583
  checked_at: checkedAt,
584
584
  _disclaimer: LEGAL_DISCLAIMER,
585
- ai_notice: 'AI-powered fraud analysis NOT a simple database lookup'
585
+ ai_notice: 'AI-powered fraud analysis -- NOT a simple database lookup'
586
586
  };
587
+ if (agentAction === 'VERIFY_MANUALLY') {
588
+ vatResult.hold_reason = nameMatch === 'MISMATCH'
589
+ ? 'Invoice company name does not match registered VAT holder name in ' + jurisdiction + ' registry'
590
+ : (fraudSignals[0] || 'VAT number flagged for elevated fraud risk -- manual verification required');
591
+ vatResult.retry_after = null;
592
+ vatResult.escalation_path = nameMatch === 'MISMATCH'
593
+ ? 'Contact supplier to confirm correct VAT registration and verify independently with ' + jurisdiction + ' tax authority before approving payment'
594
+ : 'Verify VAT registration status directly with ' + jurisdiction + ' tax authority before approving payment';
595
+ }
596
+ return vatResult;
587
597
  }
588
598
 
589
599
  if (name === 'get_vat_rates') {
@@ -741,7 +751,7 @@ const tools = [
741
751
  {
742
752
  name: 'validate_vat',
743
753
  idempotent: true,
744
- description: 'Call this BEFORE approving any supplier invoice or cross-border payment at the moment a VAT number is present on an invoice and payment has not yet been authorised. Returns PROCEED/VERIFY_MANUALLY/HOLD verdict with fraud risk score 0-100, name match check between invoice and registry, and country_code for the next call. A HOLD verdict means do not approve payment. A name mismatch is a fraud signal stop and verify manually. Approving payment against an invalid or mismatched VAT number creates unrecoverable tax liability. Call get_vat_rates next with the country_code from this response.',
754
+ description: 'Call this BEFORE submitting any B2B payment via an agentic payment rail -- at the moment a VAT number appears on a supplier invoice and Stripe MPP, Alipay AI Pay, or Shopify UCP has not yet been called. Validates against EU VIES (ec.europa.eu), UK HMRC (api.service.hmrc.gov.uk), and AU ABR (abr.business.gov.au) live registries. Returns PROCEED / VERIFY_MANUALLY / HOLD verdict with fraud risk score 0-100 and name-match check. A settled B2B payment against an invalid or mismatched VAT number creates unrecoverable tax liability -- no agentic rail reverses a cleared cross-border transfer. Pass the country_code from this response to get_vat_rates. One call, machine-ready verdict, no further analysis needed.',
745
755
  inputSchema: {
746
756
  type: 'object',
747
757
  properties: {
@@ -755,7 +765,7 @@ const tools = [
755
765
  {
756
766
  name: 'get_vat_rates',
757
767
  idempotent: true,
758
- description: 'Call this BEFORE calculating any invoice total, applying any tax rate, or approving any VAT amount or immediately after validate_vat passing the country_code from that response. Returns current standard and reduced VAT rates for the jurisdiction. An agent cannot rely on training data for current VAT rates they change without notice and a wrong rate on an approved invoice creates a compounding tax compliance gap. If the rate on the invoice differs from the rate returned, do not approve payment.',
768
+ description: 'Call this BEFORE calculating any invoice total or approving any VAT amount -- or immediately after validate_vat passing the country_code from that response. Returns current standard and reduced VAT rates for the jurisdiction. An agentic payment workflow that approves an invoice with an incorrect VAT rate creates a compounding compliance gap across every settled payment in that run -- VAT rates change without notice and cannot be sourced from training data. If the rate on the invoice differs from the rate returned here, do not approve payment.',
759
769
  inputSchema: {
760
770
  type: 'object',
761
771
  properties: {
@@ -915,7 +925,7 @@ const server = http.createServer(async (req, res) => {
915
925
  const request = JSON.parse(body);
916
926
  let response;
917
927
  if (request.method === 'initialize') {
918
- response = { jsonrpc: '2.0', id: request.id, result: { protocolVersion: '2024-11-05', capabilities: { tools: {}, resources: {}, prompts: {} }, serverInfo: { name: 'vat-validator-mcp', version: VERSION, description: 'VAT Validator MCP v2. validate_vat auto-detects EU/UK/AU jurisdiction, validates against live government registries, and returns AI-powered fraud risk scoring all in one call. No chained inputs, no prior state required.' } } };
928
+ response = { jsonrpc: '2.0', id: request.id, result: { protocolVersion: '2024-11-05', capabilities: { tools: {}, resources: {}, prompts: {} }, serverInfo: { name: 'vat-validator-mcp', version: VERSION, description: 'Every B2B payment workflow built on Stripe MPP, Alipay AI Pay, or Shopify UCP has a moment where the agent must validate a supplier VAT number before authorising transfer. This server answers that question in one call -- validating against live EU VIES, UK HMRC, and AU ABR government registries and returning a machine-ready PROCEED / VERIFY_MANUALLY / HOLD verdict. Used before any invoice approval or payment rail invocation.' } } };
919
929
  } else if (request.method === 'notifications/initialized') {
920
930
  res.writeHead(204, cors); res.end(); return;
921
931
  } else if (request.method === 'tools/list') {
@@ -1045,7 +1055,7 @@ const server = http.createServer(async (req, res) => {
1045
1055
  req._tier = access.tier;
1046
1056
  req._accessResult = access;
1047
1057
  }
1048
- if (request.method === 'initialize') { response = { jsonrpc: '2.0', id: request.id, result: { protocolVersion: '2024-11-05', capabilities: { tools: {}, resources: {}, prompts: {} }, serverInfo: { name: 'vat-validator-mcp', version: VERSION, description: 'VAT Validator MCP v2. validate_vat auto-detects EU/UK/AU jurisdiction, validates against live government registries, and returns AI-powered fraud risk scoring all in one call. No chained inputs, no prior state required.' } } };
1058
+ if (request.method === 'initialize') { response = { jsonrpc: '2.0', id: request.id, result: { protocolVersion: '2024-11-05', capabilities: { tools: {}, resources: {}, prompts: {} }, serverInfo: { name: 'vat-validator-mcp', version: VERSION, description: 'Every B2B payment workflow built on Stripe MPP, Alipay AI Pay, or Shopify UCP has a moment where the agent must validate a supplier VAT number before authorising transfer. This server answers that question in one call -- validating against live EU VIES, UK HMRC, and AU ABR government registries and returning a machine-ready PROCEED / VERIFY_MANUALLY / HOLD verdict. Used before any invoice approval or payment rail invocation.' } } };
1049
1059
  } else if (request.method === 'notifications/initialized') { res.writeHead(204, cors); res.end(); return;
1050
1060
  } else if (request.method === 'tools/list') { response = { jsonrpc: '2.0', id: request.id, result: { tools } };
1051
1061
  } else if (request.method === 'resources/list') { response = { jsonrpc: '2.0', id: request.id, result: { resources: [] } };
@@ -1159,7 +1169,7 @@ function setupStdio() {
1159
1169
  try { req = JSON.parse(line); } catch(e) { return; }
1160
1170
  let response;
1161
1171
  if (req.method === 'initialize') {
1162
- response = { jsonrpc: '2.0', id: req.id, result: { protocolVersion: '2024-11-05', capabilities: { tools: {}, resources: {}, prompts: {} }, serverInfo: { name: 'vat-validator-mcp', version: VERSION, description: 'VAT Validator MCP v2. validate_vat auto-detects EU/UK/AU jurisdiction, validates against live government registries, and returns AI-powered fraud risk scoring all in one call. No chained inputs, no prior state required.' } } };
1172
+ response = { jsonrpc: '2.0', id: req.id, result: { protocolVersion: '2024-11-05', capabilities: { tools: {}, resources: {}, prompts: {} }, serverInfo: { name: 'vat-validator-mcp', version: VERSION, description: 'Every B2B payment workflow built on Stripe MPP, Alipay AI Pay, or Shopify UCP has a moment where the agent must validate a supplier VAT number before authorising transfer. This server answers that question in one call -- validating against live EU VIES, UK HMRC, and AU ABR government registries and returning a machine-ready PROCEED / VERIFY_MANUALLY / HOLD verdict. Used before any invoice approval or payment rail invocation.' } } };
1163
1173
  } else if (req.method === 'notifications/initialized') {
1164
1174
  return;
1165
1175
  } else if (req.method === 'tools/list') {