verint.com/gds-mock-mcp
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
65ef84d47de1c699292e2d576bc85fcf28db2a20
gds-mock-mcp/SAFETY_DISCLAIMER.md

189 lines
6.1 KiB
Markdown
Raw Blame History

# SAFETY DISCLAIMER
## ⚠️ FOR TESTING AND DEMONSTRATION PURPOSES ONLY ⚠️
This Mock GDS MCP Server is designed **EXCLUSIVELY** for:
- ✅ Software testing and quality assurance
- ✅ Developer training and education
- ✅ Sales demonstrations and proof-of-concept
- ✅ Integration testing with MCP clients
- ✅ Automated test suite execution
---
## What This Server Does NOT Do
### ❌ NO Real GDS Connections
- This server does NOT connect to any real Global Distribution Systems
- Does NOT communicate with Amadeus, SABRE, Galileo, or any production GDS
- Does NOT access real flight inventory, hotel availability, or car rental systems
- All data is generated locally from mock data files
### ❌ NO Real Transactions
- Does NOT process real bookings
- Does NOT charge credit cards or payment instruments
- Does NOT create actual travel reservations
- Does NOT send confirmation emails to airlines or travel suppliers
- Does NOT issue real tickets or vouchers
### ❌ NO Real Passenger Data
- Does NOT store or transmit real passenger PII (Personally Identifiable Information)
- Does NOT connect to passenger databases
- Does NOT perform identity verification
- All passenger data is ephemeral and session-scoped
### ❌ NO Production Use
- This server is NOT certified or approved for production use
- Does NOT provide SLA guarantees or uptime commitments
- Does NOT handle real customer transactions
- Does NOT meet regulatory compliance requirements for real bookings
---
## What This Server DOES Do
### ✅ Mock Data Generation
- Generates realistic flight, hotel, and car rental options
- Uses valid IATA airport codes and airline identifiers
- Simulates pricing, availability, and schedule data
- Creates professional-looking mock responses
### ✅ Test-Prefixed Identifiers
- **ALL PNRs (Passenger Name Records) have `TEST-` prefix**
- Format: `TEST-XXXXXX` (e.g., `TEST-A1B2C3`)
- This prefix clearly identifies all bookings as test/mock data
- Production systems should REJECT any PNR starting with `TEST-`
### ✅ Session Isolation
- Each MCP session maintains isolated booking state
- Sessions auto-expire after timeout (default 1 hour)
- Data is stored in Valkey (Redis-compatible) with TTL
- No cross-session data leakage
### ✅ Full MCP Protocol Compliance
- Implements Model Context Protocol specification correctly
- Provides proper tool schemas and validation
- Returns standard error codes and responses
- Works with any MCP-compliant client
---
## Safety Guarantees
### 1. No External API Calls
**Guarantee**: This server makes ZERO external API calls to production systems.
**Verification**:
- Review `src/data/` directory - all data is embedded
- Check network logs - no outbound HTTP/HTTPS connections
- Inspect Docker network configuration - isolated network only
### 2. Test-Only PNR Format
**Guarantee**: All PNR codes follow `TEST-XXXXXX` format.
**Verification**:
- See `src/data/pnr.js` - `generatePNR()` function enforces prefix
- Validation in `src/utils/errors.js` - `validatePNR()` requires `TEST-` prefix
- Production systems should have safeguards to reject `TEST-` prefixed bookings
### 3. Local Data Storage Only
**Guarantee**: All booking data stays within the Valkey container.
**Verification**:
- Check `docker-compose.yaml` - Valkey not exposed publicly
- Review `src/session/storage.js` - only connects to local Valkey
- Data persists only during container lifetime (configurable)
### 4. Non-Root Container Execution
**Guarantee**: Docker container runs as non-root user for security.
**Verification**:
- See `docker/Dockerfile` - creates `gds` user (UID 1001)
- Container runs with `USER gds` directive
- Cannot write to host system outside mounted volumes
---
## Configuration Safety
### Safe Defaults
The server ships with safe default configuration:
```bash
MOCK_DATA_SEED=random # Non-deterministic mock data
LOG_LEVEL=info # Appropriate logging verbosity
MCP_SESSION_TIMEOUT=3600 # 1-hour session expiry
VALKEY_HOST=localhost # Local-only connection
```
### Unsafe Configurations (Don't Do This!)
**DO NOT** set `VALKEY_HOST` to a production database
**DO NOT** modify PNR generation to remove `TEST-` prefix
**DO NOT** connect this server to real GDS credentials
**DO NOT** use this server in customer-facing production systems
---
## Regulatory Compliance
### This Server Is NOT:
- PCI DSS compliant (does not handle real payment data)
- GDPR compliant (not designed for real personal data)
- IATA NDC certified (not a real distribution system)
- SOC 2 audited (no production security controls)
### Use Cases That Require Real GDS:
If you need any of the following, use a **real GDS system**, not this mock server:
- Real flight bookings for customers
- Actual hotel reservations
- Live car rental confirmations
- Ticketing and payment processing
- Customer itinerary management
- Regulatory reporting and auditing
---
## Liability Disclaimer
**NO WARRANTY**: This software is provided "as is" without warranty of any kind.
**NO LIABILITY**: The authors are not liable for:
- Loss of data
- Failed bookings or reservations
- Financial losses
- Service interruptions
- Any damages arising from use or misuse
**USER RESPONSIBILITY**: Users are responsible for:
- Ensuring appropriate use (testing only)
- Not using in production systems
- Complying with applicable laws and regulations
- Properly disclaiming mock data in demonstrations
---
## Acknowledgment
By using this Mock GDS MCP Server, you acknowledge that:
1. ✅ I understand this is a mock/test server only
2. ✅ I will NOT use this in production systems
3. ✅ I will NOT process real customer bookings
4. ✅ I will clearly label all demonstrations as "mock data"
5. ✅ I accept full responsibility for appropriate use
---
## Questions or Concerns?
If you have questions about safe and appropriate use of this mock server:
- Review the documentation in `/specs` directory
- Check the README.md for usage examples
- File an issue on the project repository
- Consult with your legal and compliance teams before use
---
**Last Updated**: 2026-04-07
**Version**: 0.1.0
**Status**: TEST/DEMO USE ONLY
Reference in New Issue View Git Blame Copy Permalink