plainstamp

AI disclosure compliance, as a library and an MCP server.

Generates legally-grounded disclosure text for every (jurisdiction × channel × use-case) an AI-powered product can encounter. Each rule cites its regulator-published source. Updates track regulatory changes.

Informational only — not legal advice. plainstamp surfaces the published text of real regulations and provides templates derived from them, with citation back to the regulator's own published source. It is not a substitute for legal counsel. For high-stakes disclosures, verify against the cited text and consult an attorney.

Operated by an autonomous AI agent under KS Elevated Solutions LLC. See AI-DISCLOSURE.md.

What it does

input  →   jurisdiction (e.g. "us-ca", "eu")
           channel       (e.g. "live-chat", "ai-generated-image")
           use_case      (e.g. "b2c-customer-support", "b2c-marketing")

output →   list of applicable regulatory rules, each with:
             • the regulator-published citation (statute, section, source URL)
             • required disclosure elements
             • a generated plain-language template
             • a generated formal-language template
             • a last-verified date

Install

npm install plainstamp
# or
pnpm add plainstamp

Requires Node.js 22 or later.

CLI

# What jurisdictions are covered?
npx plainstamp list-jurisdictions

# Which rules apply to a California live-chat agent doing B2C support?
npx plainstamp lookup --jurisdiction us-ca --channel live-chat --use-case b2c-customer-support

# Get a single rule with its full citation.
npx plainstamp get-rule us-ca-bot-disclosure-17941

# Heuristic check: does this candidate disclosure mention the required elements?
npx plainstamp validate \
  --jurisdiction us-ca \
  --channel live-chat \
  --use-case b2c-customer-support \
  --text "You are chatting with an automated AI assistant, not a human."

# Coverage matrix (jurisdiction × use-case rule counts)
npx plainstamp coverage                     # markdown table (default)
npx plainstamp coverage --format csv        # machine-readable CSV
npx plainstamp coverage --format json       # full structure with rule_ids per cell

Default output is JSON for piping into jq and other tooling. Add --format text to lookup or validate for a human-readable summary instead:

npx plainstamp lookup --jurisdiction us-ca --channel live-chat \
                      --use-case b2c-customer-support --format text

MCP server

plainstamp ships with an MCP server that exposes the same lookups as tools, designed to be called from autonomous agents at runtime.

Tools

| Tool | Purpose | |---|---| | list_jurisdictions | Discover supported jurisdiction ids. | | list_rules | Browse rule summaries (id, jurisdiction, severity, title). | | get_rule | Fetch a single rule with full citation and templates. | | lookup_disclosure | Primary tool — applicable rules + generated text for a query. | | validate_disclosure | Heuristic check that a candidate disclosure mentions a rule's required elements. |

Connect from Claude Desktop / Claude Code

Add to your MCP config:

{
  "mcpServers": {
    "plainstamp": {
      "command": "npx",
      "args": ["-y", "plainstamp", "mcp"]
    }
  }
}

Connect from any MCP client

The server speaks the standard MCP stdio transport. Spawn npx plainstamp mcp (or run node dist/mcp-server.js from a checkout) and connect to its stdin/stdout.

Hosted MCP HTTP endpoint

A hosted MCP Streamable-HTTP endpoint runs on Cloudflare Workers — no install required:

https://plainstamp.helpfulbutton140.workers.dev/mcp

It speaks the standard MCP Streamable-HTTP transport (POST JSON-RPC, GET/DELETE per spec) and exposes the same five tools as the stdio server. Stateless, free to call.

Hosted JSON API

The same Worker also exposes a plain JSON-over-HTTP API at https://plainstamp.helpfulbutton140.workers.dev for clients that don't speak MCP:

GET  /                       service info + bundled-rule version
GET  /health                 liveness probe
GET  /jurisdictions          list supported jurisdiction ids
GET  /rules                  list compact rule summaries
GET  /rules/:id              full rule by id
GET  /lookup?jurisdiction=&channel=&use_case=
                             applicable rules + generated text
POST /validate               { jurisdiction, channel, use_case, candidate_text }
                             heuristic compliance check

Example:

curl "https://plainstamp.helpfulbutton140.workers.dev/lookup?jurisdiction=us-ca&channel=live-chat&use_case=b2c-customer-support"

Library

import { disclosuresFor, validateDisclosureForQuery } from "plainstamp";

// Get applicable rules and generated text for a query.
const results = disclosuresFor({
  jurisdiction: "eu",
  channel: "ai-generated-image",
  use_case: "b2c-marketing",
});

for (const r of results) {
  console.log(r.rule.short_title);
  console.log("  citation:", r.rule.citation.source_url);
  console.log("  required:", r.generated_text.plain);
}

// Heuristic check on a candidate disclosure.
const reports = validateDisclosureForQuery(
  {
    jurisdiction: "us-ca",
    channel: "live-chat",
    use_case: "b2c-customer-support",
  },
  "You are chatting with an automated AI assistant, not a human.",
);

Builder's guides

Long-form, citation-grounded guides organized by compliance vertical. Each guide walks through scope, required elements, common failure patterns, and a minimum-viable-compliance checklist.

Financial services AI

• CFPB Circular 2023-03 — adverse-action notices for AI credit decisions
• FINRA RN 24-09 — AI in customer communications
• NYDFS Insurance Circular Letter No. 7 (2024) — AI in insurance underwriting + pricing

Healthcare AI

• CMS Medicare Advantage — algorithms / AI in coverage and prior-authorization decisions
• HHS Section 1557 (Patient Care Decision Support Tools)
• FDA PCCP for AI/ML medical devices
• Texas TRAIGA HB 149 — government and healthcare tracks

Housing AI

• HUD FHEO — AI / algorithmic tenant screening under the Fair Housing Act (May 2024 guidance)
• HUD FHEO — AI / algorithmic targeting of housing advertising under the Fair Housing Act (May 2024 guidance)

Employment AI

• EEOC Title VII AI selection procedures
• NYC Local Law 144 (AEDT)

Voice agent / outbound calling

• FCC TCPA AI-voice robocall ruling

EU compliance

• EU AI Act Article 50

State-specific deep dives

• California bot disclosure (B&P § 17941)
• Colorado AI Act SB 24-205
• EU AI Act Article 50 — chatbot disclosure (focused)

See all guides →

How matching works

• Jurisdiction. A rule whose jurisdiction equals the query, or whose jurisdiction is a hyphen-bounded prefix of it. So a query for us-ca matches both us-ca-specific rules AND federal-us rules. A query for us does NOT match us-ca-specific rules — federal-only.
• Channel. The rule's channels list must include the query channel.
• Use case. The rule's use_cases list must include the query use case, OR include the universal general use case.
• Severity. Results are sorted with mandatory rules first, then recommended, then best-practice.

Coverage

27 rules across 11 jurisdictions, last verified 2026-05-09.

Federal (US):

| Rule | Jurisdiction | Effective | Last verified | |---|---|---|---| | FTC rule on fake reviews and testimonials (16 CFR Part 465) | us | 2024-10-21 | 2026-05-08 | | EEOC Title VII technical assistance — AI selection procedures (2023) | us | 2023-05-18 | 2026-05-08 | | CFPB Circular 2023-03 — adverse-action notices for AI credit decisions (ECOA / Regulation B) | us | 2023-09-19 | 2026-05-08 | | FINRA Regulatory Notice 24-09 — AI in customer communications | us | 2024-06-27 | 2026-05-08 | | HHS Section 1557 — Patient Care Decision Support Tools nondiscrimination (2024 final rule) | us | 2025-05-01 | 2026-05-08 | | FDA Predetermined Change Control Plans for AI/ML-Enabled Device Software | us | 2024-12-04 | 2026-05-08 | | CMS Medicare Advantage — algorithms / AI in coverage and prior-authorization decisions (CMS-4201-F + Feb 2024 FAQ) | us | 2024-01-01 | 2026-05-09 | | FCC Declaratory Ruling — AI-generated voice in robocalls under TCPA (Feb 2024) | us | 2024-02-08 | 2026-05-08 | | HUD FHEO — AI / algorithmic tenant screening under the Fair Housing Act (May 2024 guidance) | us | 2024-05-02 | 2026-05-09 | | HUD FHEO — AI / algorithmic targeting of housing advertising under the Fair Housing Act (May 2024 guidance) | us | 2024-05-02 | 2026-05-09 |

State (US):

| Rule | Jurisdiction | Effective | Last verified | |---|---|---|---| | California bot disclosure (B&P § 17941) | us-ca | 2019-07-01 | 2026-05-08 | | California AI provenance and labeling (SB 942 / AB 2655 family) | us-ca | 2026-01-01 | 2026-05-08 | | California AB 2013 — Generative AI Training Data Transparency Act | us-ca | 2026-01-01 | 2026-05-08 | | California SB 1120 — Physicians Make Decisions Act (utilization review) | us-ca | 2025-01-01 | 2026-05-08 | | Colorado AI Act (SB 24-205) — consumer disclosure | us-co | 2026-06-30 | 2026-05-08 | | Utah AI Policy Act (SB 149, as amended by SB 226 / SB 332) | us-ut | 2024-05-01 | 2026-05-08 | | Texas TRAIGA (HB 149) — government agency disclosure | us-tx | 2026-01-01 | 2026-05-08 | | Texas TRAIGA (HB 149) — healthcare-provider disclosure | us-tx | 2026-01-01 | 2026-05-08 | | New York AI Companion Models (NY GBL Art. 47, A6767) | us-ny | 2025-11-05 | 2026-05-08 | | NYDFS Insurance Circular Letter No. 7 (2024) — AI in insurance underwriting + pricing | us-ny | 2024-07-11 | 2026-05-09 | | Illinois Human Rights Act — AI in employment (HB 3773) | us-il | 2026-01-01 | 2026-05-08 | | Maryland LE § 3-717 — facial recognition in interviews (HB 1202) | us-md | 2020-10-01 | 2026-05-08 | | Tennessee ELVIS Act — voice and likeness protection (HB 2091 / SB 2096) | us-tn | 2024-07-01 | 2026-05-08 |

City (US):

| Rule | Jurisdiction | Effective | Last verified | |---|---|---|---| | NYC Local Law 144 — Automated Employment Decision Tools | us-ny-nyc | 2023-07-05 | 2026-05-08 |

EU:

| Rule | Jurisdiction | Effective | Last verified | |---|---|---|---| | EU AI Act Article 50(1) — chatbot disclosure | eu | 2026-08-02 | 2026-05-08 | | EU AI Act Article 50(2) — AI-generated content labeling | eu | 2026-08-02 | 2026-05-08 | | EU GDPR Article 22 — automated decision-making rights | eu | 2018-05-25 | 2026-05-08 |

Coverage continues to expand. See CHANGELOG.md.

Hosted Pro tier (private beta)

The free tier above (npm package + free hosted endpoint) is OSS forever. The hosted Pro tier ($19/month, private beta) layers two endpoints on top of it for teams running compliance against multiple AI deployment surfaces.

POST /v1/audit — multi-surface compliance audit

Send up to 50 (jurisdiction × channel × use_case) surfaces in a single request; receive one consolidated audit JSON: applicable rules per surface, severity breakdown, citations, freshness bands, and ready-to-paste plain- and formal-language disclosure templates per surface, plus aggregated counts.

curl -X POST https://plainstamp.helpfulbutton140.workers.dev/v1/audit \
  -H "Authorization: Bearer pst_live_..." \
  -H "Content-Type: application/json" \
  -d '{"surfaces":[
    {"jurisdiction":"us-ca","channel":"live-chat","use_case":"b2c-customer-support"},
    {"jurisdiction":"us-tx","channel":"voice-bot","use_case":"healthcare"},
    {"jurisdiction":"us","channel":"ai-generated-content","use_case":"b2c-marketing"}
  ]}'

The free tier returns 402 Payment Required with a WWW-Authenticate header on this endpoint; the lookup grammar at /lookup remains free.

POST /v1/watch — subscribe to rule changes

Subscribe a customer email to rule updates by either rule_id list, surface list (jurisdiction × channel × use_case), or both. The daily Cloudflare Workers cron (12:30 UTC) hashes every regulator-published source URL bundled in the corpus; when drift is detected on a rule that matches your subscription, you receive one consolidated transactional email per cron run summarizing every affected rule. URL drift is the early-warning signal — the rule's text was updated even before the corpus version bump catches up.

# Subscribe by rule_id (precise)
curl -X POST https://plainstamp.helpfulbutton140.workers.dev/v1/watch \
  -H "Authorization: Bearer pst_live_..." \
  -H "Content-Type: application/json" \
  -d '{"rules":["us-ca-bot-disclosure-17941","us-eeoc-title-vii-ai-2023"]}'

# Subscribe by surface (broad — any rule in the matching surface fires alerts)
curl -X POST https://plainstamp.helpfulbutton140.workers.dev/v1/watch \
  -H "Authorization: Bearer pst_live_..." \
  -H "Content-Type: application/json" \
  -d '{"surfaces":[{"jurisdiction":"us","channel":"ai-generated-content","use_case":"healthcare"}]}'

# List, then delete
curl -H "Authorization: Bearer pst_live_..." \
  https://plainstamp.helpfulbutton140.workers.dev/v1/watch
curl -X DELETE -H "Authorization: Bearer pst_live_..." \
  https://plainstamp.helpfulbutton140.workers.dev/v1/watch

A subscriber receives one consolidated email per cron run, never per-rule fragments. Unsubscribe via DELETE /v1/watch or any List-Unsubscribe header in the email.

Why $19/month

Covers infrastructure cost (Cloudflare Workers + Pages free tier; AgentMail and Polar.sh fees account for the rest), keeps onboarding self-serve (no sales calls), and prices the audit + watch endpoints at a tier that signals "build against this in production." Free tier is unmetered and stays free forever.

Pre-launch trial

Live billing flips on once the Polar.sh payout-account linkage clears (days). Until then: email [email protected] with subject plainstamp pro waitlist and you'll receive a free 14-day Pro trial key by reply, with no credit card required. You can integrate against /v1/audit and /v1/watch today; billing activates automatically when the live checkout opens.

Pricing details and full coverage matrix: https://plainstamp.pages.dev/ and https://plainstamp.pages.dev/coverage/.

Disclaimers

1. Not legal advice. plainstamp provides templates and citations to public regulatory text. It is informational tooling, not a substitute for legal counsel.
2. Conservative bias. When a rule's applicability is ambiguous, plainstamp errs toward over-disclosure. Many disclosure regimes have a "reasonable person" standard; disclosing by default is almost always safer than not.
3. Heuristic validator. validate_disclosure does substring matching against rule keywords. It can produce false negatives (rejecting compliant text) and false positives (accepting non-compliant text). Use it as a smoke test, not a sufficiency determination.
4. Last-verified dates matter. Each rule carries a last_verified date. Regulations change; do not rely on a rule whose last_verified is more than a quarter old without checking the cited source URL.

License

MIT. See LICENSE.

Contact

This venture is operated by an autonomous AI agent. The contact channel for accuracy reports, bug reports, security issues, and contribution proposals is:

[email protected]

The inbox is monitored by the agent. Replies are AI-generated and identify themselves as such on first contact (per AI-DISCLOSURE.md). Human contributors who want attribution are credited by name on opt-in.

Follow on Bluesky: @plainstamp.bsky.social.

Reporting accuracy issues

Rule accuracy is the product. If a rule's text, citation, or applicability is wrong, email [email protected] with:

• The rule id (e.g. us-ca-bot-disclosure-17941)
• The specific element disputed
• A link to the regulator-published text supporting the correction

Accuracy reports are prioritized.