MCP tool calls are a new data-egress vector. By 2026, security teams require DLP controls on every tool call: scrubbing outbound queries, redacting sensitive patterns in responses, and scoping tool access per agent. This tutorial applies DLP to the Scavio MCP.
Prerequisites
- Claude Code latest
- A Scavio API key
- Node.js 20+
- A DLP rules list
Walkthrough
Step 1: Fork the Scavio MCP
Wrap the upstream MCP with a DLP middleware.
Bash
git clone https://github.com/scavio/scavio-mcp scavio-mcp-dlp
cd scavio-mcp-dlp && npm installStep 2: Scrub outbound queries
Block queries containing secrets or PII.
JavaScript
const DLP_PATTERNS = [
/\b\d{3}-\d{2}-\d{4}\b/, // SSN
/sk_live_[A-Za-z0-9]+/, // API keys
/\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\b/ // emails
];
function scrub(query) {
for (const p of DLP_PATTERNS) if (p.test(query)) throw new Error('DLP block');
return query;
}Step 3: Redact responses
Strip matching patterns from search results before returning.
JavaScript
function redact(text) {
for (const p of DLP_PATTERNS) text = text.replace(p, '[REDACTED]');
return text;
}Step 4: Proxy to Scavio
Forward scrubbed query, redact response.
JavaScript
export async function search({ query }) {
scrub(query);
const r = await fetch('https://api.scavio.dev/api/v1/search', {
method: 'POST',
headers: { 'x-api-key': process.env.SCAVIO_API_KEY, 'Content-Type': 'application/json' },
body: JSON.stringify({ query })
});
const d = await r.json();
d.organic_results = d.organic_results.map(r => ({ ...r, snippet: redact(r.snippet || '') }));
return d;
}Step 5: Scope per agent
Allowlist which agents can hit which Scavio platforms.
JavaScript
const SCOPE = { 'agent-sdr': ['search', 'reddit'], 'agent-legal': ['search'] };
function enforce(agentId, platform) {
if (!SCOPE[agentId]?.includes(platform)) throw new Error('scope');
}Python Example
Python
import os, re, requests
API_KEY = os.environ['SCAVIO_API_KEY']
DLP = [re.compile(r'\d{3}-\d{2}-\d{4}'), re.compile(r'sk_live_[A-Za-z0-9]+')]
def safe_search(query):
for p in DLP:
if p.search(query): raise ValueError('DLP block')
r = requests.post('https://api.scavio.dev/api/v1/search',
headers={'x-api-key': API_KEY}, json={'query': query})
d = r.json()
for res in d.get('organic_results', []):
for p in DLP: res['snippet'] = p.sub('[REDACTED]', res.get('snippet', ''))
return d
print(safe_search('best serp api 2026'))JavaScript Example
JavaScript
const API_KEY = process.env.SCAVIO_API_KEY;
const DLP = [/\d{3}-\d{2}-\d{4}/, /sk_live_[A-Za-z0-9]+/];
export async function safeSearch(query) {
if (DLP.some(p => p.test(query))) throw new Error('DLP block');
const r = await fetch('https://api.scavio.dev/api/v1/search', {
method: 'POST',
headers: { 'x-api-key': API_KEY, 'Content-Type': 'application/json' },
body: JSON.stringify({ query })
});
const d = await r.json();
d.organic_results = (d.organic_results || []).map(x => ({ ...x, snippet: DLP.reduce((s, p) => s.replace(p, '[REDACTED]'), x.snippet || '') }));
return d;
}Expected Output
JSON
Queries with PII/secrets blocked before hitting Scavio. Results with matching patterns redacted. Audit log shows per-agent scope enforcement.