DJG-7/eu-eea-labour-compliance-mcp

EU/EEA Labour Law & Travel Compliance MCP Server

Pure data layer providing structured regulatory guidance from official government sources

📋 Overview

The EU/EEA Labour Law & Travel Compliance MCP Server is a Model Context Protocol server that integrates with the Travel Compliance Platform SaaS application to provide comprehensive labour law compliance guidance across:

• 27 EU Member States
• 3 EEA Countries (Iceland, Liechtenstein, Norway)
• Switzerland (bilateral agreements)

Key Features

• ✅ 18 MCP Tools for labour law compliance (8 core + 10 travel platform tools)
• ✅ Pure Data Layer - structured responses from official government sources (no AI generation)
• ✅ Read-Only Database Access to Travel Compliance Platform
• ✅ Redis Caching for regulatory data (30-day TTL)
• ✅ OAuth 2.0 Authentication with Azure AD
• ✅ GDPR Compliant - data minimization, stateless tool calls, audit logging
• ✅ Security-First - OWASP Top 10 mitigation, rate limiting, input validation

🚀 Quick Start

Prerequisites

• Node.js ≥ 20.0.0
• npm ≥ 10.0.0
• Docker (for containerised deployment)
• PostgreSQL 15 (read-only access to platform database)
• Redis 7 (caching layer)

Installation

1. Clone the repository

   git clone <repository-url>
   cd "Compliance MCP server"
   

2. Install dependencies

   npm install
   

3. Configure environment variables

   cp .env.example .env
   # Edit .env with your configuration
   

4. Start development server

   npm run dev
   

   The server will start on http://localhost:3000

Docker Deployment

The project includes a complete Docker Compose setup with:

• MCP Server (Node.js 20 Alpine, multi-stage build)
• PostgreSQL 15 (read-only replica with test data)
• Redis 7 (512MB cache with LRU eviction)

# Start all services (MCP server, PostgreSQL, Redis)
docker compose up -d

# Check service health
docker compose ps

# View logs
docker compose logs -f mcp-server

# Stop all services
docker compose down

# Stop and remove all data (fresh start)
docker compose down -v

Services:

• MCP Server: http://localhost:3100 (health check: /health)
• PostgreSQL: localhost:5435 (credentials: readonly_user/readonly_password)
• Redis: localhost:6381

Features:

• ✅ Automatic database retry logic with exponential backoff
• ✅ Health checks for all services
• ✅ Read-only PostgreSQL user with sample data
• ✅ Persistent volumes for data retention
• ✅ Docker network isolation
• ✅ Non-root container users for security

🏗️ Project Structure

.
├── src/
│   ├── index.ts                    # Main entry point
│   ├── tools/                      # 18 MCP tools implementation
│   ├── types/                      # TypeScript type definitions
│   ├── data/
│   │   └── jurisdictions/          # Regulatory data per country (31 jurisdictions)
│   ├── utils/                      # Utility functions
│   ├── middleware/                 # Express middleware (auth, rate limiting)
│   ├── config/                     # Configuration files
│   ├── services/                   # Database, Redis, webhook services
│   └── tests/
│       ├── tools/                  # Unit tests for MCP tools
│       ├── integration/            # Integration tests with platform
│       └── unit/                   # Unit tests for utilities
├── docs/
│   ├── API/                        # API documentation
│   ├── ARCHITECTURE/               # System design docs
│   ├── SECURITY/                   # Security documentation
│   ├── TESTING/                    # Test strategy
│   ├── DEPLOYMENT/                 # Deployment guides
│   └── MAINTENANCE/                # Regulatory update procedures
├── docker/
│   └── postgres/
│       └── init.sql                # PostgreSQL initialisation
├── Documents/                      # Project specifications
├── CLAUDE.md                       # Guidance for Claude Code
├── package.json                    # Node.js dependencies
├── tsconfig.json                   # TypeScript configuration
├── docker-compose.yml              # Multi-service orchestration
├── Dockerfile                      # Production container image
└── README.md                       # This file

🛠️ Development

Available Scripts

# Development
npm run dev              # Start MCP server with hot reload
npm run dev:api          # Start REST API server with hot reload
npm run build            # Build TypeScript to dist/
npm start                # Start MCP server in production
npm start:api            # Start REST API server in production

# Testing
npm test                 # Run tests with Vitest
npm run test:api         # Run API integration tests
npm run test:coverage    # Run tests with coverage report

# Code Quality
npm run lint             # Lint TypeScript files
npm run lint:fix         # Auto-fix linting issues
npm run format           # Format code with Prettier
npm run typecheck        # Type check without emitting

# Docker
npm run docker:up        # Start all services
npm run docker:down      # Stop all services
npm run docker:logs      # View container logs

Development Workflow

1. Create a new feature branch

   git checkout -b feature/new-mcp-tool
   

2. Implement changes following guidelines

   • British English spelling
   • TypeScript strict mode
   • Comprehensive error handling
   • Official source citations

3. Write tests (minimum 3 scenarios per MCP tool)

   npm test
   

4. Type check and lint

   npm run typecheck
   npm run lint
   

5. Commit and push

   git add .
   git commit -m "feat: add new MCP tool for X"
   git push origin feature/new-mcp-tool
   

🔐 Security

Authentication

• OAuth 2.0 with Azure AD (server-to-server client credentials flow)
• Bearer token required in Authorization header
• Token refresh logic for expired tokens

Rate Limiting

• 100 requests per 15 minutes per platform instance
• HTTP 429 response when limit exceeded

Data Protection

• GDPR compliant - data minimization, purpose limitation
• No PII in logs - only metadata (timestamp, tool called, country)
• Stateless tool calls - no query data retention
• Read-only database access - never write to platform database

Audit Logging

• All compliance queries logged with metadata
• 2-year retention period
• Access restricted to DPO and authorised personnel

For detailed security information, see

🌐 REST API

The MCP server provides a REST API for HTTP-based access to all 18 compliance tools.

Quick Start

# Start API server
npm run dev:api

# Server runs on http://localhost:3000

# Check health
curl http://localhost:3000/health

# View API documentation
open http://localhost:3000/api-docs

Authentication

OAuth 2.0 client credentials flow with Azure AD:

# Get access token
curl -X POST "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token" \
  -d "grant_type=client_credentials&client_id={id}&client_secret={secret}&scope=api://compliance-mcp-server/.default"

# Use token
curl -X POST "http://localhost:3000/mcp/v1/tools/query_labor_law" \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json" \
  -d '{"parameters": {"jurisdiction": "DE", "topic": "working_time"}}'

Key Features

• ✅ 18 MCP Tools accessible via POST /mcp/v1/tools/{toolName}
• ✅ Resource Endpoints for labour law data: GET /mcp/v1/resources/labor/{country}/{type}
• ✅ Rate Limiting - 100 requests per 15 minutes per OAuth client
• ✅ Webhook Callbacks - compliance alerts, works council deadlines, GDPR updates
• ✅ OpenAPI 3.0 - complete API specification at /openapi.json
• ✅ Swagger UI - interactive documentation at /api-docs

Documentation

• - Complete API documentation (31 KB)
• - Get started in 5 minutes
• - Machine-readable spec

📚 Documentation

• - Development guidelines for Claude Code
• - REST API reference with examples
• - 5-minute getting started guide
• - System design and database integration
• - Authentication, GDPR, threat model
• - Test strategy and jurisdiction coverage
• - Docker setup and Azure configuration
• - Regulatory update procedures

🌍 Jurisdiction Coverage

EU Member States (27)

Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden

EEA Countries (3)

Iceland, Liechtenstein, Norway

Bilateral Agreements (1)

Switzerland

🔧 MCP Tools

Original Tools (8)

1. query_labor_law - Jurisdiction-specific labour law queries
2. compare_jurisdictions - Multi-country compliance comparison
3. check_compliance_scenario - Scenario validation against regulations
4. get_enforcement_contacts - Labour inspectorate contacts
5. query_directive_implementation - EU directive tracking
6. search_case_law - ECJ rulings database
7. calculate_compliance_cost - Implementation cost estimation
8. get_collective_agreements - Sector-specific agreements

Travel Platform Tools (10)

9. classify_travel_vs_posted_work - Business travel vs. posting determination
10. analyze_working_time_mobile_workforce - Multi-jurisdiction working time
11. assess_certification_training_compliance - Professional certification obligations
12. assess_works_council_requirements_travel_platform - Co-determination rights
13. assess_gdpr_compliance_travel_platform - Data protection evaluation
14. assess_ai_compliance_travel_platform - EU AI Act compliance assessment
15. validate_a1_certificate_requirement - A1 posting certificate necessity
16. calculate_schengen_working_days - Tourism vs. work day distinction
17. check_visa_work_authorization - Visa validity for employment
18. generate_posted_worker_notification - Auto-fill notification forms

For detailed tool documentation, see

Version: 0.1.0 Last Updated: 2025-01-10