LPGMCP

marcycode/LPGMCP

3.1

If you are the rightful owner of LPGMCP and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

Local Privacy Guardian MCP is a zero-trust file firewall designed for AI applications, ensuring data privacy and security by intercepting file access and enforcing strict policies.

Local Privacy Guardian MCP

A zero-trust file firewall for AI. It intercepts file access from AI tools via MCP, enforces least-privilege policies, redacts sensitive data inline, and emits tamper-evident audit logs—so users can use AI on their machines without leaking secrets or PII.

1. Problem & Value

Modern AI tools can read local files or upload data to the cloud without guardrails. Users and developers routinely expose PII/PHI/PCI and secrets (tokens, keys) in prompts and RAG pipelines.

Value: Before any AI client touches local data, enforce deny-by-default access, minimize data via redaction, and create verifiable evidence of what was shared.

2. Tool Definitions

Get_policy

Purpose: Returns the current privacy enforcement policy
What it does: Shows you what privacy rules and settings are currently active
Use case: Understanding what privacy protections are in place before working with files or data

Scan_text

Purpose: Scans raw text for likely PII and returns detailed findings
What it does: Analyzes any text you provide and identifies PII like emails, phone numbers, names with exact character positions

Safe_read

Purpose: reads text files when enforcing privacy policy & offering optional redaction
What it does:

  • Reads file content safely according to privacy rules
  • Automatically redact PII if requested
  • May truncate large files (controlled by max_bytes parameter)
  • Returns the content plus any PII findings and redaction information

Parameters:

  • relpath (required): path to the file
  • max_bytes (optional): limit file size read
  • redact (optional): whether to automatically redact PII

Copy_redacted_file

Purpose: Creates a privacy-safe copy of a file with PII automatically redacted
What it does:

  • Makes a new copy of the original file in a "./redacted" directory
  • Automatically replaces detected PII with redaction markers
  • Returns the path to the new redacted file plus details about what was found/redacted

Parameters:

  • relpath (required): original file to redact
  • out_relpath (optional): custom output path for the redacted copy