Skip to main content
MCPcat provides powerful client-side redaction capabilities, allowing you to sanitize sensitive information before it ever leaves your environment. This ensures that sensitive data never reaches our servers.

How it works

You can provide a custom redaction function when initializing MCPcat tracking: 
import * as mcpcat from "mcpcat";

mcpcat.track(mcpServer, "proj_YOUR_PROJECT_ID", {
  redactSensitiveInformation: async (text) => {
    let result = text;
    result = result.replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g, "<email>");
    result = result.replace(/\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b/g, "<ip>");
    return result;
  },
});

Key Features

  • Recursive Application: Redaction is applied to all string values in event data, including nested objects and arrays
  • Protected Fields: Essential analytics fields (like sessionId, projectId, eventType) are preserved to maintain functionality
  • Type Preservation: Non-string values (numbers, booleans, dates) are preserved without modification
  • Error Handling: If redaction fails, the entire event is skipped to prevent accidental data leakage