6.1 KiB
6.1 KiB
SAFETY DISCLAIMER
⚠️ FOR TESTING AND DEMONSTRATION PURPOSES ONLY ⚠️
This Mock GDS MCP Server is designed EXCLUSIVELY for:
- ✅ Software testing and quality assurance
- ✅ Developer training and education
- ✅ Sales demonstrations and proof-of-concept
- ✅ Integration testing with MCP clients
- ✅ Automated test suite execution
What This Server Does NOT Do
❌ NO Real GDS Connections
- This server does NOT connect to any real Global Distribution Systems
- Does NOT communicate with Amadeus, SABRE, Galileo, or any production GDS
- Does NOT access real flight inventory, hotel availability, or car rental systems
- All data is generated locally from mock data files
❌ NO Real Transactions
- Does NOT process real bookings
- Does NOT charge credit cards or payment instruments
- Does NOT create actual travel reservations
- Does NOT send confirmation emails to airlines or travel suppliers
- Does NOT issue real tickets or vouchers
❌ NO Real Passenger Data
- Does NOT store or transmit real passenger PII (Personally Identifiable Information)
- Does NOT connect to passenger databases
- Does NOT perform identity verification
- All passenger data is ephemeral and session-scoped
❌ NO Production Use
- This server is NOT certified or approved for production use
- Does NOT provide SLA guarantees or uptime commitments
- Does NOT handle real customer transactions
- Does NOT meet regulatory compliance requirements for real bookings
What This Server DOES Do
✅ Mock Data Generation
- Generates realistic flight, hotel, and car rental options
- Uses valid IATA airport codes and airline identifiers
- Simulates pricing, availability, and schedule data
- Creates professional-looking mock responses
✅ Test-Prefixed Identifiers
- ALL PNRs (Passenger Name Records) have
TEST-prefix - Format:
TEST-XXXXXX(e.g.,TEST-A1B2C3) - This prefix clearly identifies all bookings as test/mock data
- Production systems should REJECT any PNR starting with
TEST-
✅ Session Isolation
- Each MCP session maintains isolated booking state
- Sessions auto-expire after timeout (default 1 hour)
- Data is stored in Valkey (Redis-compatible) with TTL
- No cross-session data leakage
✅ Full MCP Protocol Compliance
- Implements Model Context Protocol specification correctly
- Provides proper tool schemas and validation
- Returns standard error codes and responses
- Works with any MCP-compliant client
Safety Guarantees
1. No External API Calls
Guarantee: This server makes ZERO external API calls to production systems.
Verification:
- Review
src/data/directory - all data is embedded - Check network logs - no outbound HTTP/HTTPS connections
- Inspect Docker network configuration - isolated network only
2. Test-Only PNR Format
Guarantee: All PNR codes follow TEST-XXXXXX format.
Verification:
- See
src/data/pnr.js-generatePNR()function enforces prefix - Validation in
src/utils/errors.js-validatePNR()requiresTEST-prefix - Production systems should have safeguards to reject
TEST-prefixed bookings
3. Local Data Storage Only
Guarantee: All booking data stays within the Valkey container.
Verification:
- Check
docker-compose.yaml- Valkey not exposed publicly - Review
src/session/storage.js- only connects to local Valkey - Data persists only during container lifetime (configurable)
4. Non-Root Container Execution
Guarantee: Docker container runs as non-root user for security.
Verification:
- See
docker/Dockerfile- createsgdsuser (UID 1001) - Container runs with
USER gdsdirective - Cannot write to host system outside mounted volumes
Configuration Safety
Safe Defaults
The server ships with safe default configuration:
MOCK_DATA_SEED=random # Non-deterministic mock data
LOG_LEVEL=info # Appropriate logging verbosity
MCP_SESSION_TIMEOUT=3600 # 1-hour session expiry
VALKEY_HOST=localhost # Local-only connection
Unsafe Configurations (Don't Do This!)
❌ DO NOT set VALKEY_HOST to a production database
❌ DO NOT modify PNR generation to remove TEST- prefix
❌ DO NOT connect this server to real GDS credentials
❌ DO NOT use this server in customer-facing production systems
Regulatory Compliance
This Server Is NOT:
- PCI DSS compliant (does not handle real payment data)
- GDPR compliant (not designed for real personal data)
- IATA NDC certified (not a real distribution system)
- SOC 2 audited (no production security controls)
Use Cases That Require Real GDS:
If you need any of the following, use a real GDS system, not this mock server:
- Real flight bookings for customers
- Actual hotel reservations
- Live car rental confirmations
- Ticketing and payment processing
- Customer itinerary management
- Regulatory reporting and auditing
Liability Disclaimer
NO WARRANTY: This software is provided "as is" without warranty of any kind.
NO LIABILITY: The authors are not liable for:
- Loss of data
- Failed bookings or reservations
- Financial losses
- Service interruptions
- Any damages arising from use or misuse
USER RESPONSIBILITY: Users are responsible for:
- Ensuring appropriate use (testing only)
- Not using in production systems
- Complying with applicable laws and regulations
- Properly disclaiming mock data in demonstrations
Acknowledgment
By using this Mock GDS MCP Server, you acknowledge that:
- ✅ I understand this is a mock/test server only
- ✅ I will NOT use this in production systems
- ✅ I will NOT process real customer bookings
- ✅ I will clearly label all demonstrations as "mock data"
- ✅ I accept full responsibility for appropriate use
Questions or Concerns?
If you have questions about safe and appropriate use of this mock server:
- Review the documentation in
/specsdirectory - Check the README.md for usage examples
- File an issue on the project repository
- Consult with your legal and compliance teams before use
Last Updated: 2026-04-07
Version: 0.1.0
Status: TEST/DEMO USE ONLY