Zero-egress PII protection for Claude AI workflows via MCP stdio

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Ocultar from gravatar.com Ocultar

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Tags anthropic , claude , gdpr , mcp , pii , privacy , security , zero-egress
  • Requires: Python >=3.10
Classifiers
Report project as malware

Project description

Ocultar PII Refinery — Claude MCP Extension

Zero-egress PII protection for Claude AI workflows. Runs entirely in your infrastructure — no data ever leaves your environment.

Tools

Tool Description
refine_text Redacts PII before sending text to Claude. Returns clean text + token map.
reveal_tokens De-tokenizes tokens back to plaintext (auditor-only, requires OCULTAR_AUDITOR_TOKEN).

Prerequisites

  • Ocultar Refinery running locally: 
    docker compose -f docker-compose.community.yml up
  • Python 3.10+

Installation

pip install ocultar-claude-mcp

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "ocultar-pii": {
      "command": "ocultar-claude-mcp",
      "env": {
        "OCULTAR_URL": "http://localhost:8080",
        "OCULTAR_API_KEY": "your-api-key"
      }
    }
  }
}

Claude Code (CLI)

claude mcp add ocultar-pii -- ocultar-claude-mcp

Or add to .claude/settings.json:

{
  "mcpServers": {
    "ocultar-pii": {
      "command": "ocultar-claude-mcp",
      "env": {
        "OCULTAR_URL": "http://localhost:8080",
        "OCULTAR_API_KEY": "your-api-key"
      }
    }
  }
}

Environment Variables

Variable Required Description
OCULTAR_URL Yes URL of your local Ocultar Refinery (default: http://localhost:8080)
OCULTAR_API_KEY No Bearer token for Refinery auth
OCULTAR_AUDITOR_TOKEN No Enables reveal_tokens — must match OCU_AUDITOR_TOKEN on the server

Usage

Once connected, Claude will automatically call refine_text when you ask it to handle sensitive data. You can also ask explicitly:

"Refine this before processing: John Smith's email is john@example.com, SSN 123-45-6789"

Claude returns:

{
  "cleanText": "John [NAME_a1b2c3d4]'s email is [EMAIL_9c8f7a1b], SSN [SSN_3a1b2c4d]",
  "tokenMap": {
    "[NAME_a1b2c3d4]": "NAME",
    "[EMAIL_9c8f7a1b]": "EMAIL",
    "[SSN_3a1b2c4d]": "SSN"
  }
}

For authorized workflows that need to restore PII after AI processing:

"Reveal these tokens: [EMAIL_9c8f7a1b], [SSN_3a1b2c4d]"

This call is recorded in the immutable Ed25519-signed audit log.

Why Zero-Egress?

The Ocultar Refinery runs entirely on your machine. The MCP server communicates only with localhost — no telemetry, no cloud calls, no supply chain attack surface. If the Refinery is unreachable, both tools fail closed: raw PII is never forwarded.

Security Model

  • refine_text is safe to expose to any Claude session
  • reveal_tokens requires OCULTAR_AUDITOR_TOKEN and every call is logged with actor, timestamp, and Ed25519 signature in the audit trail
  • The Refinery's vault uses AES-256-GCM with HKDF-SHA256 key derivation — tokens are useless without the master key

License

Apache 2.0 — see LICENSE

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Ocultar from gravatar.com Ocultar

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache-2.0)
  • Tags anthropic , claude , gdpr , mcp , pii , privacy , security , zero-egress
  • Requires: Python >=3.10
Classifiers

Release history Release notifications | RSS feed

0.1.2

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ocultar_claude_mcp-0.1.0.tar.gz (5.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ocultar_claude_mcp-0.1.0-py3-none-any.whl (7.9 kB view details)

Uploaded Python 3

File details

Details for the file ocultar_claude_mcp-0.1.0.tar.gz.

File metadata

  • Download URL: ocultar_claude_mcp-0.1.0.tar.gz
  • Upload date:
  • Size: 5.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.4

File hashes

Hashes for ocultar_claude_mcp-0.1.0.tar.gz
Algorithm Hash digest
SHA256 bbf2d7b07c338a6bcb8fea8682b732ab5d931a64cb5e24a7fe801b55140d70b1
MD5 6f2ed952ffcbb01fb6a0a8c9811f80d5
BLAKE2b-256 a5b77962e5d9e73b54cd6b5cf9ba04f8ec75641b998c6368a162ddb1f532fd2c

See more details on using hashes here.

File details

Details for the file ocultar_claude_mcp-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for ocultar_claude_mcp-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ac44e449be339f3218f7d40e1bc55fe205ed48b61c49bccc68f840f50bc00183
MD5 dc965c564d51ddc1bad0866753a0c9a3
BLAKE2b-256 c7b8e98016d91ae5c70ecdc2752c4f1f283395d5d97ec94a1247a6ee1e150bb0

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page