# SAFETY DISCLAIMER ## ⚠️ FOR TESTING AND DEMONSTRATION PURPOSES ONLY ⚠️ This Mock GDS MCP Server is designed **EXCLUSIVELY** for: - ✅ Software testing and quality assurance - ✅ Developer training and education - ✅ Sales demonstrations and proof-of-concept - ✅ Integration testing with MCP clients - ✅ Automated test suite execution --- ## What This Server Does NOT Do ### ❌ NO Real GDS Connections - This server does NOT connect to any real Global Distribution Systems - Does NOT communicate with Amadeus, SABRE, Galileo, or any production GDS - Does NOT access real flight inventory, hotel availability, or car rental systems - All data is generated locally from mock data files ### ❌ NO Real Transactions - Does NOT process real bookings - Does NOT charge credit cards or payment instruments - Does NOT create actual travel reservations - Does NOT send confirmation emails to airlines or travel suppliers - Does NOT issue real tickets or vouchers ### ❌ NO Real Passenger Data - Does NOT store or transmit real passenger PII (Personally Identifiable Information) - Does NOT connect to passenger databases - Does NOT perform identity verification - All passenger data is ephemeral and session-scoped ### ❌ NO Production Use - This server is NOT certified or approved for production use - Does NOT provide SLA guarantees or uptime commitments - Does NOT handle real customer transactions - Does NOT meet regulatory compliance requirements for real bookings --- ## What This Server DOES Do ### ✅ Mock Data Generation - Generates realistic flight, hotel, and car rental options - Uses valid IATA airport codes and airline identifiers - Simulates pricing, availability, and schedule data - Creates professional-looking mock responses ### ✅ Test-Prefixed Identifiers - **ALL PNRs (Passenger Name Records) have `TEST-` prefix** - Format: `TEST-XXXXXX` (e.g., `TEST-A1B2C3`) - This prefix clearly identifies all bookings as test/mock data - Production systems should REJECT any PNR starting with `TEST-` ### ✅ Session Isolation - Each MCP session maintains isolated booking state - Sessions auto-expire after timeout (default 1 hour) - Data is stored in Valkey (Redis-compatible) with TTL - No cross-session data leakage ### ✅ Full MCP Protocol Compliance - Implements Model Context Protocol specification correctly - Provides proper tool schemas and validation - Returns standard error codes and responses - Works with any MCP-compliant client --- ## Safety Guarantees ### 1. No External API Calls **Guarantee**: This server makes ZERO external API calls to production systems. **Verification**: - Review `src/data/` directory - all data is embedded - Check network logs - no outbound HTTP/HTTPS connections - Inspect Docker network configuration - isolated network only ### 2. Test-Only PNR Format **Guarantee**: All PNR codes follow `TEST-XXXXXX` format. **Verification**: - See `src/data/pnr.js` - `generatePNR()` function enforces prefix - Validation in `src/utils/errors.js` - `validatePNR()` requires `TEST-` prefix - Production systems should have safeguards to reject `TEST-` prefixed bookings ### 3. Local Data Storage Only **Guarantee**: All booking data stays within the Valkey container. **Verification**: - Check `docker-compose.yaml` - Valkey not exposed publicly - Review `src/session/storage.js` - only connects to local Valkey - Data persists only during container lifetime (configurable) ### 4. Non-Root Container Execution **Guarantee**: Docker container runs as non-root user for security. **Verification**: - See `docker/Dockerfile` - creates `gds` user (UID 1001) - Container runs with `USER gds` directive - Cannot write to host system outside mounted volumes --- ## Configuration Safety ### Safe Defaults The server ships with safe default configuration: ```bash MOCK_DATA_SEED=random # Non-deterministic mock data LOG_LEVEL=info # Appropriate logging verbosity MCP_SESSION_TIMEOUT=3600 # 1-hour session expiry VALKEY_HOST=localhost # Local-only connection ``` ### Unsafe Configurations (Don't Do This!) ❌ **DO NOT** set `VALKEY_HOST` to a production database ❌ **DO NOT** modify PNR generation to remove `TEST-` prefix ❌ **DO NOT** connect this server to real GDS credentials ❌ **DO NOT** use this server in customer-facing production systems --- ## Regulatory Compliance ### This Server Is NOT: - PCI DSS compliant (does not handle real payment data) - GDPR compliant (not designed for real personal data) - IATA NDC certified (not a real distribution system) - SOC 2 audited (no production security controls) ### Use Cases That Require Real GDS: If you need any of the following, use a **real GDS system**, not this mock server: - Real flight bookings for customers - Actual hotel reservations - Live car rental confirmations - Ticketing and payment processing - Customer itinerary management - Regulatory reporting and auditing --- ## Liability Disclaimer **NO WARRANTY**: This software is provided "as is" without warranty of any kind. **NO LIABILITY**: The authors are not liable for: - Loss of data - Failed bookings or reservations - Financial losses - Service interruptions - Any damages arising from use or misuse **USER RESPONSIBILITY**: Users are responsible for: - Ensuring appropriate use (testing only) - Not using in production systems - Complying with applicable laws and regulations - Properly disclaiming mock data in demonstrations --- ## Acknowledgment By using this Mock GDS MCP Server, you acknowledge that: 1. ✅ I understand this is a mock/test server only 2. ✅ I will NOT use this in production systems 3. ✅ I will NOT process real customer bookings 4. ✅ I will clearly label all demonstrations as "mock data" 5. ✅ I accept full responsibility for appropriate use --- ## Questions or Concerns? If you have questions about safe and appropriate use of this mock server: - Review the documentation in `/specs` directory - Check the README.md for usage examples - File an issue on the project repository - Consult with your legal and compliance teams before use --- **Last Updated**: 2026-04-07 **Version**: 0.1.0 **Status**: TEST/DEMO USE ONLY