Open source MCP server

Philter MCP

Q: "What is Philter MCP?"

"An open source MCP (Model Context Protocol) server that exposes Philter's PII and PHI redaction as tools any MCP-aware client can call, including Claude Desktop, Claude Code, Cursor, Continue, and Goose. It wraps a running Philter 3.x instance, so your data stays inside your own environment."

Q: "How is this different from the Philter AI Proxy?"

"The \u003ca href=\"/philter-ai-proxy/\"\u003ePhilter AI Proxy\u003c/a\u003e sits in front of production LLM traffic and redacts prompts at the network layer. Philter MCP is the client-side counterpart for development and agent workflows: it gives a developer or an agent redaction tools to call directly inside the tool loop. Many teams run both."

Q: "Does my sensitive data go to the model?"

"No. The redaction tools never return the original matched values. The redaction report contains filter types, character positions, confidence, and the replacement token, but not the matched text, so nothing sensitive enters the model's context. You can opt in to returning matched text locally for policy debugging."

Q: "What do I need to run it?"

"A running Philter 3.x instance reachable from where the server runs, and an MCP-aware client. Install and launch it with \u003ccode\u003euvx philter-mcp\u003c/code\u003e (or \u003ccode\u003epipx run philter-mcp\u003c/code\u003e), then point \u003ccode\u003ePHILTER_BASE_URL\u003c/code\u003e at your Philter instance. A Docker image is also available."

Q: "Which clients are supported?"

"Any MCP-aware client. That includes Claude Desktop, Claude Code, Cursor, Continue, and Goose. Configuration is a short JSON block, or a single \u003ccode\u003eclaude mcp add\u003c/code\u003e command for Claude Code."

Philter MCP exposes Philter's PII and PHI redaction as Model Context Protocol tools that Claude Desktop, Claude Code, Cursor, and other MCP-aware clients can call from inside an agent's tool loop. Where the Philter AI Proxy guards production LLM traffic, Philter MCP brings the same redaction into your development workflows, with no integration code to write.

View on GitHub

Star 1

One block of config. Redaction tools in your agent's loop.

// claude_desktop_config.json
{
  "mcpServers": {
    "philter": {
      "command": "uvx",
      "args": ["philter-mcp"],
      "env": {
        "PHILTER_BASE_URL": "https://localhost:8080",
        "PHILTER_VERIFY_SSL": "false"
      }
    }
  }
}

# Then, in chat:
# "Before I share this log, redact any personal data: <paste>"

Release Notes → GitHub →

Redaction inside the agent loop

Six redaction tools over MCP

redact_text and redact_file redact PII and PHI and return a report. explain_redactions is a dry run for policy debugging. list_policies, get_policy, and status let an agent inspect the connected Philter instance.

Privacy by design

The redaction tools never return the original matched values. The report contains filter types, character positions, confidence, and the replacement token, but not the matched text, so nothing sensitive enters the model's context.

Works with the clients you already use

Any MCP-aware client can call it: Claude Desktop, Claude Code, Cursor, Continue, Goose, and others. Configuration is a short JSON block, or a single claude mcp add command for Claude Code.

Self-hosted, like the rest of Philter

Philter MCP is a thin client in front of your own Philter 3.x instance. Philter runs entirely within your environment, so your data never leaves your perimeter.

Policy-driven and consistent

Uses the same Phileas policies as the rest of the toolkit. Tool calls accept optional policy, context, and document_id arguments so consistent anonymization and format-preserving behavior hold across requests.

One line to install

Launch it with uvx philter-mcp (or pipx run philter-mcp); a Docker image is also published. Point PHILTER_BASE_URL at your Philter instance and the tools appear in your client.

Frequently asked questions

If something here isn’t covered, get in touch and we’ll answer.

What is Philter MCP?

An open source MCP (Model Context Protocol) server that exposes Philter's PII and PHI redaction as tools any MCP-aware client can call, including Claude Desktop, Claude Code, Cursor, Continue, and Goose. It wraps a running Philter 3.x instance, so your data stays inside your own environment.

How is this different from the Philter AI Proxy?

The Philter AI Proxy sits in front of production LLM traffic and redacts prompts at the network layer. Philter MCP is the client-side counterpart for development and agent workflows: it gives a developer or an agent redaction tools to call directly inside the tool loop. Many teams run both.

Does my sensitive data go to the model?

No. The redaction tools never return the original matched values. The redaction report contains filter types, character positions, confidence, and the replacement token, but not the matched text, so nothing sensitive enters the model's context. You can opt in to returning matched text locally for policy debugging.

What do I need to run it?

A running Philter 3.x instance reachable from where the server runs, and an MCP-aware client. Install and launch it with uvx philter-mcp (or pipx run philter-mcp), then point PHILTER_BASE_URL at your Philter instance. A Docker image is also available.

Which clients are supported?

Any MCP-aware client. That includes Claude Desktop, Claude Code, Cursor, Continue, and Goose. Configuration is a short JSON block, or a single claude mcp add command for Claude Code.

Ready to use Philter MCP?

Three ways to get going: deploy the open source yourself, spin it up from a cloud marketplace, or work with our team directly. Pick the path that fits.

See your options