π Release v0.2.0: Comprehensive PII Protection
This release introduces automatic PII (Personally Identifiable Information) protection across all VTEX API endpoints, ensuring LGPD/GDPR compliance by default.
β¨ Major Features
π‘οΈ Automatic PII Filtering
- All 20 API endpoints now automatically filter sensitive customer data
- 33 protected field types including names, emails, documents, addresses, and payment data
- Enabled by default for maximum security out of the box
- Configurable via
VTEX_PII_PROTECTIONenvironment variable
π What Gets Protected
π€ Personal Information
- Names:
firstName,lastName,clientName,receiverName,cardHolder - Corporate:
corporateName,tradeName
π§ Contact Information
- Email:
email,followUpEmail - Phone:
phone,cellPhone,corporatePhone
π Documents & IDs
cpf,cnpj,document,corporateDocument,stateInscription
π Address Information
- Components:
street,number,complement,neighborhood,postalCode,city,state - Objects:
address,billingAddress,location - Geo:
geoCoordinates,latitude,longitude
π³ Payment Information
- Card data:
cardNumber,firstDigits,lastDigits - Security:
cvv,cvv2,expireMonth,expireYear
β What Gets Preserved
All ID fields are preserved for correlation:
orderId,userId,userProfileId,addressId,transactionIdproductId,skuId,warehouseId,dockId- All other fields ending in
Id
Business data remains intact:
- Order values, quantities, prices, status
- Dates, timestamps, configuration flags
- Product names, descriptions, SKUs
π¦ Installation
Download & Install
- Download
mcp-vtex.mcpbfrom the assets below - Open Claude Desktop
- Go to Settings β Developer β MCP Servers
- Click "Install from file" and select the downloaded
.mcpbfile - Configure your VTEX credentials
- Enable the server
Configuration
```bash
Required
VTEX_ACCOUNT_NAME=your-account-name
VTEX_APP_KEY=your-app-key
VTEX_APP_TOKEN=your-app-token
Optional
VTEX_ENVIRONMENT=vtexcommercestable # default
VTEX_PII_PROTECTION=true # default (recommended)
```
To disable PII protection (not recommended):
```bash
VTEX_PII_PROTECTION=false
```
π§ͺ Testing
This release includes comprehensive test suites:
```bash
Test PII filtering
npm test
Test MCP server integration
npm run test:server
```
π‘ Benefits
- π‘οΈ LGPD/GDPR Compliance: Sensitive data never reaches the LLM
- π° Token Efficiency: Less data = lower costs
- π Privacy by Design: PII filtered at source
- β‘ Simple & Fast: No complex masking or pseudonymization
- β Maintains Functionality: IDs allow for correlation and lookups
π Technical Details
- Protected Endpoints: All 20 (Catalog: 5, Orders: 3, Pricing: 6, Inventory/Logistics: 6)
- Filter Implementation: Recursive function applied globally to all responses
- Response Format: YAML for token optimization
- Performance: Zero overhead when disabled, minimal when enabled
π What's Changed
New Files:
- `.env.example` - Configuration template
- `test-pii-filter.js` - PII protection test suite
- `test-mcp-server.js` - MCP integration tests
Modified:
- `server/index.js` - Added PII filtering logic
- `README.md` - Comprehensive PII protection documentation
- `manifest.json` - Added `VTEX_PII_PROTECTION` configuration
- `package.json` - Added test scripts
π Full Changelog
Commits:
- feat: add comprehensive PII protection for all API endpoints
- chore: bump version to 0.2.0
π€ Generated with Claude Code
Full Changelog: v0.1.0...v0.2.0