sanitize-mcp

sohei1l/sanitize-mcp

3.2

If you are the rightful owner of sanitize-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to dayong@mcphub.com.

The Sanitize MCP Server is designed to protect sensitive information by detecting and redacting secrets, PII, and prompt injections from code before sending it to LLMs.

Tools
3
Resources
0
Prompts
0

🛡️ Sanitize MCP Server

Remove secrets, PII, and prompt injections from code before sending to LLMs.

A Model Context Protocol (MCP) server that sanitizes source code by detecting and redacting sensitive information like API keys, personal data, and malicious prompts. All activity is automatically logged to help you monitor what data is being processed.

🚀 Quick Setup

npm install
npm run build
npm start

🔌 Connect to Your Tools

Cursor IDE

Add to your ~/.cursor/config.json:

{
  "mcpServers": {
    "sanitize": {
      "command": "node",
      "args": ["/path/to/sanitize-mcp/dist/index.js"]
    }
  }
}

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "sanitize": {
      "command": "node",
      "args": ["/path/to/sanitize-mcp/dist/index.js"]
    }
  }
}

💡 Set it up once and forget it! All sanitization activity is automatically and permanently logged to dist/sanitization.log - no need to rerun or reconfigure.

🤖 Auto-Sanitization Setup for Cursor

To make Cursor automatically sanitize sensitive content, add these rules to your Cursor system prompt/instructions:

You are a security-conscious AI assistant. IMPORTANT: Before responding to any message with sensitive data, always use the smart-sanitize tool to check for and redact:
- API keys
- Email addresses
- Personal information

Always sanitize before responding to sensitive content.

How to add:

  1. Open Cursor SettingsRules (or System Instructions)
  2. Add the above text to your existing rules
  3. Save settings
  4. Restart Cursor for changes to take effect

Now Cursor will automatically invoke the smart-sanitize tool when it detects sensitive content in your messages!

✨ What It Does

  • 🔐 Detects 12+ types of secrets (OpenAI, GitHub, AWS, Stripe, JWT tokens, etc.)
  • 🛡️ Removes PII (emails, phones, SSNs, credit cards, etc.)
  • 🚫 Blocks prompt injections (LLM_IGNORE, DO_NOT_READ markers, etc.)
  • 📊 Automatically logs everything to dist/sanitization.log
  • 🤖 Smart auto-detection - only processes when sensitive content is found
  • ⚙️ Fully configurable via JSON config file

🛠️ Available Tools

ToolDescription
sanitize-codeClean code and get sanitization results
smart-sanitizeAuto-detect and sanitize sensitive content
get-sanitization-logsView recent activity from the persistent logs

📝 Basic Usage

Smart sanitization (auto-detects):

{
  "name": "smart-sanitize",
  "arguments": {
    "text": "My email is john@example.com and API key is sk-1234567890abcdef"
  }
}

Response:

{
  "sensitiveDetected": true,
  "cleaned": "My email is <PII_REDACTED> and API key is <REDACTED>",
  "removedCount": 2,
  "warning": "⚠️ Sensitive data was detected and sanitized"
}

Manual code sanitization:

{
  "code": "const key = 'sk-1234567890abcdef'; // API key",
  "includeDetails": true
}

Response:

{
  "cleaned": "const key = '<REDACTED>'; ",
  "removedCount": 1,
  "details": { "secretsRemoved": 1, "piiRemoved": 0 }
}

View activity logs:

// See what's been sanitized recently
{ "name": "get-sanitization-logs", "arguments": { "count": 5 } }

⚙️ Configuration

Edit src/sanitizer-config.json to:

  • Enable/disable specific patterns
  • Add custom detection rules
  • Adjust redaction text

Example custom pattern:

{
  "secretPatterns": [
    {
      "name": "My API Key",
      "pattern": "myapi_[A-Za-z0-9]{32}",
      "enabled": true
    }
  ]
}

📊 Automatic Logging

All sanitization activity is automatically logged to dist/sanitization.log including:

  • Real-time console output shows sanitization summaries
  • Persistent file logging tracks all activity permanently
  • Detailed JSON logs with before/after previews and statistics

The logs persist across restarts and provide a complete audit trail of what data has been processed by the sanitizer.

🧪 Testing

npm test  # Run comprehensive smoke tests

The test suite verifies detection of secrets, PII, injections, and configuration management with professional ✅❌ output.

🌟 Like this project?

⭐ Give it a star on GitHub! It helps others discover this tool.

🤝 Contributing

We welcome contributions! Here's how:

  1. 🍴 Fork the repository
  2. 🌱 Create a feature branch (git checkout -b feature/amazing-pattern)
  3. ✨ Add your changes and tests
  4. ✅ Test with npm test
  5. 📤 Submit a pull request

Ideas for contributions:

  • New detection patterns for other services
  • Additional PII types
  • Performance improvements
  • Better logging formats
  • Integration examples

📜 License

MIT - Feel free to use in your projects!

Questions? Open an issue • Feature requests? Create a discussion • Security concerns? Email soheil.hm@gmail.com