Overview
Financial AI agents need web search to verify market data, check SEC filings, and monitor news. But compliance teams block direct internet access. This workflow routes all agent search through Scavio's MCP server with audit logging, query filtering (no PII in queries), and per-agent budget controls. Compliance-approved search access.
Trigger
Every search request from a financial AI agent.
Schedule
Event-driven
Workflow Steps
Intercept Agent Search Request
Capture the agent's search query before it reaches the network.
Filter for PII and Compliance
Scan the query for personally identifiable information, account numbers, or restricted terms. Block or sanitize.
Route Through MCP Sandbox
Send the sanitized query through Scavio's MCP server. No direct internet access for the agent.
Log for Audit
Record the query, response metadata, agent ID, and timestamp in the compliance audit log.
Return Filtered Results
Return search results to the agent after stripping any content that violates compliance policies.
Python Implementation
import requests, os, json, re, logging
from datetime import datetime
API_KEY = os.environ["SCAVIO_API_KEY"]
MCP_URL = "https://mcp.scavio.dev/mcp"
MH = {"Authorization": f"Bearer {API_KEY}", "Content-Type": "application/json"}
logging.basicConfig(filename="financial_audit.log", level=logging.INFO)
PII_PATTERNS = [
r"\b\d{3}-\d{2}-\d{4}\b", # SSN
r"\b\d{16}\b", # Credit card
r"\b[A-Z]{2}\d{6,10}\b", # Account numbers
]
def sanitize_query(query: str) -> str:
for pattern in PII_PATTERNS:
if re.search(pattern, query):
raise ValueError(f"Query contains PII matching pattern: {pattern}")
return query
def secure_search(query: str, agent_id: str) -> dict:
clean_query = sanitize_query(query)
logging.info(json.dumps({"ts": datetime.now().isoformat(), "agent": agent_id, "query": clean_query, "action": "search"}))
payload = {
"jsonrpc": "2.0", "id": 1,
"method": "tools/call",
"params": {"name": "search", "arguments": {"query": clean_query, "country_code": "us"}}
}
resp = requests.post(MCP_URL, headers=MH, json=payload, timeout=15)
result = resp.json().get("result", {})
logging.info(json.dumps({"ts": datetime.now().isoformat(), "agent": agent_id, "result_size": len(str(result)), "action": "result"}))
return result
# Financial agent searches safely
try:
result = secure_search("AAPL Q2 2026 earnings report SEC", "fin-agent-002")
print(f"Search completed: {len(str(result))} chars")
except ValueError as e:
print(f"BLOCKED: {e}")JavaScript Implementation
const MCP_URL = 'https://mcp.scavio.dev/mcp';
const MH = {'Authorization': 'Bearer '+process.env.SCAVIO_API_KEY, 'Content-Type': 'application/json'};
const PII_PATTERNS = [/\b\d{3}-\d{2}-\d{4}\b/, /\b\d{16}\b/, /\b[A-Z]{2}\d{6,10}\b/];
function auditLog(entry) { console.log('[AUDIT]', JSON.stringify({...entry, ts:new Date().toISOString()})); }
function sanitizeQuery(query) {
for (const p of PII_PATTERNS) { if (p.test(query)) throw new Error('Query contains PII'); }
return query;
}
async function secureSearch(query, agentId) {
const clean = sanitizeQuery(query);
auditLog({agent:agentId, query:clean, action:'search'});
const payload = {jsonrpc:'2.0', id:1, method:'tools/call', params:{name:'search', arguments:{query:clean, country_code:'us'}}};
const r = await fetch(MCP_URL, {method:'POST', headers:MH, body:JSON.stringify(payload)});
const result = (await r.json()).result || {};
auditLog({agent:agentId, resultSize:JSON.stringify(result).length, action:'result'});
return result;
}
try {
const result = await secureSearch('AAPL Q2 2026 earnings report SEC', 'fin-agent-002');
console.log('Search completed: '+JSON.stringify(result).length+' chars');
} catch (e) { console.log('BLOCKED: '+e.message); }Platforms Used
Web search with knowledge graph, PAA, and AI overviews