sanitize-mcp

sohei1l/sanitize-mcp

3.2

If you are the rightful owner of sanitize-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

The Sanitize MCP Server is designed to protect sensitive information by detecting and redacting secrets, PII, and prompt injections from code before sending it to LLMs.

Tools
3
Resources
0
Prompts
0

๐Ÿ›ก๏ธ Sanitize MCP Server

Remove secrets, PII, and prompt injections from code before sending to LLMs.

A Model Context Protocol (MCP) server that sanitizes source code by detecting and redacting sensitive information like API keys, personal data, and malicious prompts. All activity is automatically logged to help you monitor what data is being processed.

๐Ÿš€ Quick Setup

npm install
npm run build
npm start

๐Ÿ”Œ Connect to Your Tools

Cursor IDE

Add to your ~/.cursor/config.json:

{
  "mcpServers": {
    "sanitize": {
      "command": "node",
      "args": ["/path/to/sanitize-mcp/dist/index.js"]
    }
  }
}

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "sanitize": {
      "command": "node",
      "args": ["/path/to/sanitize-mcp/dist/index.js"]
    }
  }
}

๐Ÿ’ก Set it up once and forget it! All sanitization activity is automatically and permanently logged to dist/sanitization.log - no need to rerun or reconfigure.

๐Ÿค– Auto-Sanitization Setup for Cursor

To make Cursor automatically sanitize sensitive content, add these rules to your Cursor system prompt/instructions:

You are a security-conscious AI assistant. IMPORTANT: Before responding to any message with sensitive data, always use the smart-sanitize tool to check for and redact:
- API keys
- Email addresses
- Personal information

Always sanitize before responding to sensitive content.

How to add:

  1. Open Cursor Settings โ†’ Rules (or System Instructions)
  2. Add the above text to your existing rules
  3. Save settings
  4. Restart Cursor for changes to take effect

Now Cursor will automatically invoke the smart-sanitize tool when it detects sensitive content in your messages!

โœจ What It Does

  • ๐Ÿ” Detects 12+ types of secrets (OpenAI, GitHub, AWS, Stripe, JWT tokens, etc.)
  • ๐Ÿ›ก๏ธ Removes PII (emails, phones, SSNs, credit cards, etc.)
  • ๐Ÿšซ Blocks prompt injections (LLM_IGNORE, DO_NOT_READ markers, etc.)
  • ๐Ÿ“Š Automatically logs everything to dist/sanitization.log
  • ๐Ÿค– Smart auto-detection - only processes when sensitive content is found
  • โš™๏ธ Fully configurable via JSON config file

๐Ÿ› ๏ธ Available Tools

ToolDescription
sanitize-codeClean code and get sanitization results
smart-sanitizeAuto-detect and sanitize sensitive content
get-sanitization-logsView recent activity from the persistent logs

๐Ÿ“ Basic Usage

Smart sanitization (auto-detects):

{
  "name": "smart-sanitize",
  "arguments": {
    "text": "My email is john@example.com and API key is sk-1234567890abcdef"
  }
}

Response:

{
  "sensitiveDetected": true,
  "cleaned": "My email is <PII_REDACTED> and API key is <REDACTED>",
  "removedCount": 2,
  "warning": "โš ๏ธ Sensitive data was detected and sanitized"
}

Manual code sanitization:

{
  "code": "const key = 'sk-1234567890abcdef'; // API key",
  "includeDetails": true
}

Response:

{
  "cleaned": "const key = '<REDACTED>'; ",
  "removedCount": 1,
  "details": { "secretsRemoved": 1, "piiRemoved": 0 }
}

View activity logs:

// See what's been sanitized recently
{ "name": "get-sanitization-logs", "arguments": { "count": 5 } }

โš™๏ธ Configuration

Edit src/sanitizer-config.json to:

  • Enable/disable specific patterns
  • Add custom detection rules
  • Adjust redaction text

Example custom pattern:

{
  "secretPatterns": [
    {
      "name": "My API Key",
      "pattern": "myapi_[A-Za-z0-9]{32}",
      "enabled": true
    }
  ]
}

๐Ÿ“Š Automatic Logging

All sanitization activity is automatically logged to dist/sanitization.log including:

  • Real-time console output shows sanitization summaries
  • Persistent file logging tracks all activity permanently
  • Detailed JSON logs with before/after previews and statistics

The logs persist across restarts and provide a complete audit trail of what data has been processed by the sanitizer.

๐Ÿงช Testing

npm test  # Run comprehensive smoke tests

The test suite verifies detection of secrets, PII, injections, and configuration management with professional โœ…โŒ output.

๐ŸŒŸ Like this project?

โญ Give it a star on GitHub! It helps others discover this tool.

๐Ÿค Contributing

We welcome contributions! Here's how:

  1. ๐Ÿด Fork the repository
  2. ๐ŸŒฑ Create a feature branch (git checkout -b feature/amazing-pattern)
  3. โœจ Add your changes and tests
  4. โœ… Test with npm test
  5. ๐Ÿ“ค Submit a pull request

Ideas for contributions:

  • New detection patterns for other services
  • Additional PII types
  • Performance improvements
  • Better logging formats
  • Integration examples

๐Ÿ“œ License

MIT - Feel free to use in your projects!

Questions? Open an issue โ€ข Feature requests? Create a discussion โ€ข Security concerns? Email soheil.hm@gmail.com