- Home
- MCP servers
- MCP Conceal
MCP Conceal
- rust
8
GitHub Stars
rust
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"gbrigandi-mcp-server-conceal": {
"command": "mcp-server-conceal",
"args": [
"--target-command",
"python3",
"--target-args",
"database-server.py --host localhost",
"--config",
"/path/to/mcp-server-conceal.toml"
],
"env": {
"DATABASE_URL": "postgresql://localhost/mydb"
}
}
}
}MCP Conceal is a proxy that analyzes data for PII and replaces sensitive information with consistent, fake equivalents before it reaches external AI providers. It preserves semantic structure and data relationships so AI tools can analyze results effectively while keeping real identifiers protected.
How to use
You run MCP Conceal as a proxy in front of your MCP server. The server detects PII using your chosen strategy, replaces it with consistent fake data, and forwards the sanitized responses to your AI client. You can run with a local target process or point to another MCP server, and you can customize how detection and anonymization are performed.
How to install
Prerequisites are a Rust toolchain and a target language/runtime for your MCP client. You will build from source or use a pre-built binary for your platform.
Configuration and usage details
You can customize how PII is detected and how fake data is generated. The configuration supports detection modes, faker settings, mapping retention, and LLM integration parameters. A minimal example enables regex-based detection with an Ollama-based LLM for remaining cases.
[detection]
mode = "regex_llm" # Detection strategy: regex, llm, regex_llm
enabled = true
confidence_threshold = 0.8 # Detection confidence threshold (0.0-1.0)
[detection.patterns]
e-mail = "\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Z|a-z]{2,}\\b"
phone = "\\b(?:\\+?1[-\\.\\s]?)?(?:\\(?[0-9]{3}\\)?[-\\.\\s]?)?[0-9]{3}[-\\.\\s]?[0-9]{4}\\b"
ssn = "\\b\\d{3}-\d{2}-\d{4}\\b"
credit_card = "\\b\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}[-\\s]?\\d{4}\\b"
ip_address = "\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b"
url = "https?://[^\\s/$.?#].[^\\s]*"
[faker]
locale = "en_US" # Locale for generating realistic fake PII data
seed = 12345 # Seed ensures consistent anonymization across restarts
consistency = true # Same real PII always maps to same fake data
[mapping]
database_path = "mappings.db" # SQLite database storing real-to-fake mappings
retention_days = 90 # Delete old mappings after N days
[llm]
model = "llama3.2:3b" # Ollama model for PII detection
endpoint = "http://localhost:11434"
timeout_seconds = 180
prompt_template = "default" # Template for PII detection prompts
[llm_cache]
enabled = true # Cache LLM detection results for performance
database_path = "llm_cache.db"
max_text_length = 2000
Advanced usage
The example below shows how to wire MCP Conceal to a local server and how to customize prompts for domain-specific PII patterns.
{
"mcpServers": {
"database": {
"command": "mcp-server-conceal",
"args": [
"--target-command", "python3",
"--target-args", "database-server.py --host localhost",
"--config", "/path/to/mcp-server-conceal.toml"
],
"env": {
"DATABASE_URL": "postgresql://localhost/mydb"
}
}
}
}
Environment variables
You can pass environment variables to the target process through the MCP Conceal proxy. The following example shows how to set a database URL and an API key for the target server.
mcp-server-conceal \
--target-command node \
--target-args "server.js" \
--target-env "DATABASE_URL=postgresql://localhost/mydb" \
--target-env "API_KEY=secret123" \
--config mcp-server-conceal.toml
Troubleshooting
Enable debug logging to diagnose issues. Check common problems like invalid patterns, connectivity to the local LLM service, database permissions, and missing prompt templates.
RUST_LOG=debug mcp-server-conceal \
--target-command python3 \
--target-args server.py \
--config mcp-server-conceal.toml
Security
The mapping database contains real-to-fake data mappings. Protect this file with appropriate permissions. Run LLM-based detection only on trusted infrastructure.
Contributing
Contributions are welcome. Follow these steps to get started.
# Development setup
rustup target add aarch64-unknown-linux-gnu
# Build in development mode
cargo build
cargo test
# Run with debug logging
RUST_LOG=debug cargo run -- --target-command cat --target-args test.txt --config mcp-server-conceal.toml