Skip to content

v0.2.0 - PII Protection for all VTEX API endpoints

Latest

Choose a tag to compare

@lucianfialho lucianfialho released this 28 Oct 23:21

πŸ”’ Release v0.2.0: Comprehensive PII Protection

This release introduces automatic PII (Personally Identifiable Information) protection across all VTEX API endpoints, ensuring LGPD/GDPR compliance by default.

✨ Major Features

πŸ›‘οΈ Automatic PII Filtering

  • All 20 API endpoints now automatically filter sensitive customer data
  • 33 protected field types including names, emails, documents, addresses, and payment data
  • Enabled by default for maximum security out of the box
  • Configurable via VTEX_PII_PROTECTION environment variable

πŸ” What Gets Protected

πŸ‘€ Personal Information

  • Names: firstName, lastName, clientName, receiverName, cardHolder
  • Corporate: corporateName, tradeName

πŸ“§ Contact Information

  • Email: email, followUpEmail
  • Phone: phone, cellPhone, corporatePhone

πŸ†” Documents & IDs

  • cpf, cnpj, document, corporateDocument, stateInscription

🏠 Address Information

  • Components: street, number, complement, neighborhood, postalCode, city, state
  • Objects: address, billingAddress, location
  • Geo: geoCoordinates, latitude, longitude

πŸ’³ Payment Information

  • Card data: cardNumber, firstDigits, lastDigits
  • Security: cvv, cvv2, expireMonth, expireYear

βœ… What Gets Preserved

All ID fields are preserved for correlation:

  • orderId, userId, userProfileId, addressId, transactionId
  • productId, skuId, warehouseId, dockId
  • All other fields ending in Id

Business data remains intact:

  • Order values, quantities, prices, status
  • Dates, timestamps, configuration flags
  • Product names, descriptions, SKUs

πŸ“¦ Installation

Download & Install

  1. Download mcp-vtex.mcpb from the assets below
  2. Open Claude Desktop
  3. Go to Settings β†’ Developer β†’ MCP Servers
  4. Click "Install from file" and select the downloaded .mcpb file
  5. Configure your VTEX credentials
  6. Enable the server

Configuration

```bash

Required

VTEX_ACCOUNT_NAME=your-account-name
VTEX_APP_KEY=your-app-key
VTEX_APP_TOKEN=your-app-token

Optional

VTEX_ENVIRONMENT=vtexcommercestable # default
VTEX_PII_PROTECTION=true # default (recommended)
```

To disable PII protection (not recommended):
```bash
VTEX_PII_PROTECTION=false
```

πŸ§ͺ Testing

This release includes comprehensive test suites:

```bash

Test PII filtering

npm test

Test MCP server integration

npm run test:server
```

πŸ’‘ Benefits

  • πŸ›‘οΈ LGPD/GDPR Compliance: Sensitive data never reaches the LLM
  • πŸ’° Token Efficiency: Less data = lower costs
  • πŸ”’ Privacy by Design: PII filtered at source
  • ⚑ Simple & Fast: No complex masking or pseudonymization
  • βœ… Maintains Functionality: IDs allow for correlation and lookups

πŸ“Š Technical Details

  • Protected Endpoints: All 20 (Catalog: 5, Orders: 3, Pricing: 6, Inventory/Logistics: 6)
  • Filter Implementation: Recursive function applied globally to all responses
  • Response Format: YAML for token optimization
  • Performance: Zero overhead when disabled, minimal when enabled

πŸ”„ What's Changed

New Files:

  • `.env.example` - Configuration template
  • `test-pii-filter.js` - PII protection test suite
  • `test-mcp-server.js` - MCP integration tests

Modified:

  • `server/index.js` - Added PII filtering logic
  • `README.md` - Comprehensive PII protection documentation
  • `manifest.json` - Added `VTEX_PII_PROTECTION` configuration
  • `package.json` - Added test scripts

πŸ“ Full Changelog

Commits:

  • feat: add comprehensive PII protection for all API endpoints
  • chore: bump version to 0.2.0

πŸ€– Generated with Claude Code

Full Changelog: v0.1.0...v0.2.0