npm - vat-validator-mcp - Versions diffs - 2.0.4 → 2.0.9 - Mend

vat-validator-mcp 2.0.4 → 2.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -28,12 +28,12 @@ sources directly:
 | Tool | Free Tier | Use When |
 |---|---|---|
-| validate_vat | 20/month | Before approving any EU supplier or invoice |
-| validate_uk_vat | 20/month | Before approving any UK supplier or invoice |
-| get_vat_rates | 20/month | Before calculating cross-border invoice totals |
+| validate_vat | 50/month | Before approving any EU supplier or invoice |
+| validate_uk_vat | 50/month | Before approving any UK supplier or invoice |
+| get_vat_rates | 50/month | Before calculating cross-border invoice totals |
 | batch_validate | Paid | Validating a supplier list or invoice batch |
-| analyse_vat_risk | 20/month | Before approving any high-value cross-border invoice |
-| compare_invoice_details | 20/month | Before authorising payment on any supplier invoice |
+| analyse_vat_risk | 50/month | Before approving any high-value cross-border invoice |
+| compare_invoice_details | 50/month | Before authorising payment on any supplier invoice |
 ## Add to Your Agent
@@ -65,9 +65,10 @@ mcp_server = MCPServerSse(
 | Tier | Calls | Price |
 |---|---|---|
-| Free | 20/month | No card required |
-| Pro | Unlimited | $39/month |
-| Enterprise | Unlimited + priority | $199/month |
+| Free | 50/month | No card required |
+| Pay-as-you-go | Unlimited | $0.010/query, billed monthly |
+| Bundle 500 | 500 calls, never expire | $8 |
+| Bundle 2000 | 2000 calls, never expire | $28 |
 Upgrade: https://kordagencies.com

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "vat-validator-mcp",
   "mcpName": "io.github.OjasKord/vat-validator-mcp",
-  "version": "2.0.4",
+  "version": "2.0.9",
   "description": "VAT number validator for AI agents. EU VIES, UK HMRC, AU ABR — auto-detects jurisdiction. Fraud risk scoring and invoice name cross-check in one call.",
   "main": "src/server.js",
   "scripts": {

package/src/server.js CHANGED Viewed

@@ -7,7 +7,7 @@ const Stripe = require('stripe');
 const stripe = Stripe(process.env.STRIPE_SECRET_KEY);
 const PERSIST_FILE = '/tmp/vat_stats.json';
-const VERSION = '2.0.4';
+const VERSION = '2.0.9';
 // Persistent device ID for HMRC fraud prevention headers (BATCH_PROCESS_DIRECT)
 const DEVICE_ID_FILE = path.join(__dirname, '..', 'device-id.txt');
@@ -23,6 +23,7 @@ const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY || '';
 const PORT = process.env.PORT || 3000;
 const STATS_KEY = process.env.STATS_KEY || 'ojas2026';
 const REDIS_PREFIX = 'vat';
+const FREE_TIER_REDIS_KEY = 'vat:free_tier_usage';
 const FREE_TIER_LIMIT = 50;
 const METERED_SUBSCRIBE_URL = 'https://vat-validator-mcp-production.up.railway.app/subscribe';
 const BUNDLE_500_URL = 'https://buy.stripe.com/28EeVceUB06N1ty3teebu0l';
@@ -79,6 +80,7 @@ async function redisGet(key) {
       { headers: { Authorization: `Bearer ${UPSTASH_TOKEN}` } }
     );
     const data = await res.json();
+    if (data.error) console.error('[Redis] redisGet error:', data.error, 'key:', key);
     if (!data.result) return null;
     return JSON.parse(data.result);
   } catch(e) { return null; }
@@ -86,37 +88,36 @@ async function redisGet(key) {
 async function redisSet(key, value) {
   try {
-    await fetch(
-      `${UPSTASH_URL}/set/${encodeURIComponent(key)}`,
-      {
-        method: 'POST',
-        headers: {
-          Authorization: `Bearer ${UPSTASH_TOKEN}`,
-          'Content-Type': 'application/json'
-        },
-        body: JSON.stringify({ value: JSON.stringify(value) })
-      }
-    );
-  } catch(e) {}
+    const res = await fetch(`${process.env.UPSTASH_REDIS_REST_URL}/set/${encodeURIComponent(key)}/${encodeURIComponent(JSON.stringify(value))}`, {
+      method: 'GET',
+      headers: { Authorization: `Bearer ${process.env.UPSTASH_REDIS_REST_TOKEN}` }
+    });
+    const data = await res.json();
+    if (data.error) console.error('[Redis] redisSet error:', data.error, 'key:', key);
+  } catch(e) { console.error('[Redis] redisSet failed:', e); }
 }
 async function redisExpire(key, seconds) {
   try {
-    await fetch(
+    const res = await fetch(
       `${UPSTASH_URL}/expire/${encodeURIComponent(key)}/${seconds}`,
       { method: 'POST', headers: { Authorization: `Bearer ${UPSTASH_TOKEN}` } }
     );
-  } catch(e) {}
+    const data = await res.json();
+    if (data.error) console.error('[Redis] redisExpire error:', data.error, 'key:', key);
+  } catch(e) { console.error('[Redis] redisExpire failed:', e); }
 }
 async function appendSessionLog(ip, tool) {
-  const ipSafe = ip.replace(/:/g, '_').replace(/\s/g, '');
-  const dayKey = new Date().toISOString().slice(0, 10);
-  const key = `${REDIS_PREFIX}:session:${ipSafe}:${dayKey}`;
-  const existing = await redisGet(key) || [];
-  existing.push({ tool, timestamp: new Date().toISOString() });
-  await redisSet(key, existing);
-  await redisExpire(key, 86400);
+  try {
+    const ipSafe = ip.replace(/:/g, '_').replace(/\s/g, '');
+    const dayKey = new Date().toISOString().slice(0, 10);
+    const key = `${REDIS_PREFIX}:session:${ipSafe}:${dayKey}`;
+    const existing = await redisGet(key) || [];
+    existing.push({ tool, timestamp: new Date().toISOString() });
+    await redisSet(key, existing);
+    await redisExpire(key, 86400);
+  } catch(e) { console.error('[SessionLog] internal error:', e); }
 }
 async function redisKeys(pattern) {
@@ -126,6 +127,7 @@ async function redisKeys(pattern) {
       { headers: { Authorization: `Bearer ${UPSTASH_TOKEN}` } }
     );
     const data = await res.json();
+    if (data.error) console.error('[Redis] redisKeys error:', data.error, 'pattern:', pattern);
     return data.result || [];
   } catch(e) { return []; }
 }
@@ -146,6 +148,22 @@ async function loadApiKeysFromRedis(prefix) {
   console.log(`Loaded ${apiKeys.size} API keys from Redis`);
 }
+async function loadFreeTierFromRedis() {
+  try {
+    const data = await redisGet(FREE_TIER_REDIS_KEY);
+    if (data && Array.isArray(data)) {
+      data.forEach(([k, v]) => freeTierUsage.set(k, v));
+      console.log('[FreeTier] Loaded ' + freeTierUsage.size + ' IPs from Redis');
+    }
+  } catch(e) { console.error('[FreeTier] load failed:', e); }
+}
+async function saveFreeTierToRedis() {
+  try {
+    await redisSet(FREE_TIER_REDIS_KEY, Array.from(freeTierUsage.entries()));
+  } catch(e) { console.error('[FreeTier] save failed:', e); }
+}
 function generateApiKey() { return 'vat_' + crypto.randomBytes(24).toString('hex'); }
 function getPlanFromProduct(productName) {
   if (!productName) return 'bundle_500';
@@ -598,7 +616,8 @@ function checkAccess(req) {
     saveKeyToRedis(apiKey, record, REDIS_PREFIX).catch(() => {});
     return { allowed: true, paid: true, plan: record.plan };
   }
-  const ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress || 'unknown';
+  const rawIp = req.headers['x-forwarded-for'] || req.socket.remoteAddress || 'unknown';
+  const ip = rawIp.split(',')[0].trim();
   const monthKey = getMonthKey(ip);
   const calls = freeTierUsage.get(monthKey) || 0;
   if (calls >= FREE_TIER_LIMIT) return {
@@ -624,6 +643,7 @@ function checkAccess(req) {
   };
   freeTierUsage.set(monthKey, calls + 1);
   saveStats();
+  saveFreeTierToRedis().catch(() => {});
   const remaining = FREE_TIER_LIMIT - calls - 1;
   const warningMsg = remaining < 10 ? remaining + ' free validations remaining this month. Get 500 calls for $8 at ' + BUNDLE_500_URL + ' -- calls never expire.' : null;
   return { allowed: true, tier: 'free', remaining, warning: warningMsg };
@@ -699,7 +719,7 @@ const tools = [
   {
     name: 'validate_vat',
     idempotent: true,
-    description: 'Call this BEFORE your agent approves any supplier invoice, onboards a new EU/UK/AU vendor, or processes any cross-border payment. Validates VAT numbers against EU VIES (all 27 member states), UK HMRC VAT API v2, and AU ABR — auto-detects jurisdiction from the number prefix. Returns valid/invalid status, registered company name, address, and AI-powered fraud risk score 0-100 with PROCEED/VERIFY_MANUALLY/HOLD verdict. An invalid or deregistered VAT number on an approved invoice creates unrecoverable tax liability. One call, three jurisdictions, machine-ready verdict — no further analysis needed.',
+    description: 'Call this BEFORE your agent approves any supplier invoice, onboards a new EU/UK/AU vendor, or processes any cross-border payment. Validates VAT numbers against EU VIES (all 27 member states), UK HMRC VAT API, and AU ABR — auto-detects jurisdiction from the number prefix. Returns valid/invalid status, registered company name, address, and AI-powered fraud risk score 0-100 with PROCEED/VERIFY_MANUALLY/HOLD verdict. An invalid or deregistered VAT number on an approved invoice creates unrecoverable tax liability. After calling this tool, call get_vat_rates with the detected country_code to confirm the applicable rate for invoice calculation — both tools together complete a full invoice validation workflow in two calls.',
     inputSchema: {
       type: 'object',
       properties: {
@@ -713,7 +733,7 @@ const tools = [
   {
     name: 'get_vat_rates',
     idempotent: true,
-    description: 'Call this BEFORE your agent calculates invoice totals, applies tax rates, generates VAT-inclusive pricing, or validates that a VAT amount on an invoice is correct for a given country. Returns current standard, reduced, and zero VAT rates for all 27 EU member states and UK. VAT rates change without notice — your agent cannot rely on training data for current rates. Returns machine-readable JSON — no parsing needed. Omit country_code to get all countries.',
+    description: "Call this AFTER validate_vat to confirm the current VAT rate applicable to the validated supplier's jurisdiction, or call standalone before your agent calculates invoice totals, applies tax rates, or generates VAT-inclusive pricing. Returns current standard, reduced, and zero VAT rates for all 27 EU member states and UK. VAT rates change without notice — your agent cannot rely on training data for current rates. Pass the country_code returned by validate_vat directly into this tool to complete the two-call invoice validation workflow. Returns machine-readable JSON — no parsing needed. Omit country_code to get all countries.",
     inputSchema: {
       type: 'object',
       properties: {
@@ -880,12 +900,13 @@ const server = http.createServer(async (req, res) => {
             response = { jsonrpc: '2.0', id: request.id, error: { code: -32000, message: access.error || 'Access denied', data: access, agent_action: 'PAUSE_AND_NOTIFY_USER' } };
           } else {
             const { name, arguments: args } = request.params;
-            const ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress || 'unknown';
+            const rawIp = req.headers['x-forwarded-for'] || req.socket.remoteAddress || 'unknown';
+            const ip = rawIp.split(',')[0].trim();
             usageLog.push({ tool: name, tier: access.tier || access.plan || 'paid', time: new Date().toISOString(), ip: ip.slice(0, 8) + '...' });
             if (usageLog.length > 1000) usageLog.shift();
             toolUsageCounts[name] = (toolUsageCounts[name] || 0) + 1;
             saveStats();
-            appendSessionLog(ip, name).catch(() => {});
+            appendSessionLog(ip, name).catch((e) => console.error('[SessionLog] appendSessionLog failed:', e));
             const result = await executeTool(name, args || {});
             if (access.plan === 'metered' && access.stripeCustomerId) {
               reportMeteredUsage(access.stripeCustomerId, 'vat_query').catch(() => {});
@@ -929,12 +950,13 @@ const server = http.createServer(async (req, res) => {
         } else if (request.method === 'prompts/list') { response = { jsonrpc: '2.0', id: request.id, result: { prompts: [] } };
         } else if (request.method === 'tools/call') {
           const { name, arguments: toolArgs } = request.params;
-          const ip = req.headers['x-forwarded-for'] || req.socket.remoteAddress || 'unknown';
+          const rawIp = req.headers['x-forwarded-for'] || req.socket.remoteAddress || 'unknown';
+          const ip = rawIp.split(',')[0].trim();
           usageLog.push({ tool: name, tier: req._tier || req._accessResult?.plan || 'paid', time: new Date().toISOString(), ip: ip.slice(0, 8) + '...' });
           if (usageLog.length > 1000) usageLog.shift();
           toolUsageCounts[name] = (toolUsageCounts[name] || 0) + 1;
           saveStats();
-          appendSessionLog(ip, name).catch(() => {});
+          appendSessionLog(ip, name).catch((e) => console.error('[SessionLog] appendSessionLog failed:', e));
           const result = await executeTool(name, toolArgs || {});
           if (req._accessWarning) result._notice = req._accessWarning;
@@ -1062,9 +1084,14 @@ function setupStdio() {
 setupStdio();
+if (!process.env.UPSTASH_REDIS_REST_URL || !process.env.UPSTASH_REDIS_REST_TOKEN) {
+  console.error('[Redis] WARNING: UPSTASH_REDIS_REST_URL or UPSTASH_REDIS_REST_TOKEN not set — session logging will fail silently');
+}
 server.listen(PORT, async () => {
   loadStats();
   await loadApiKeysFromRedis('vat');
+  await loadFreeTierFromRedis();
   console.log('VAT Validator MCP v' + VERSION + ' running on port ' + PORT);
   console.log('Free tier: ' + FREE_TIER_LIMIT + ' calls/IP/month, no API key required');
   console.log('Resend: ' + (RESEND_API_KEY ? 'configured' : 'MISSING'));