概述
金融 AI 代理需要网络搜索来验证市场数据、查询 SEC 文件和监控新闻。但合规团队禁止直接访问互联网。此工作流通过 Scavio 的 MCP 服务器路由所有代理搜索,包含审计日志、查询过滤(禁止查询中包含个人身份信息)和按代理的预算控制。合规审批的搜索访问方案。
触发器
金融 AI 代理的每次搜索请求。
计划
事件驱动
工作流步骤
1
拦截代理搜索请求
在查询到达网络之前捕获代理的搜索查询。
2
过滤个人身份信息和合规检查
扫描查询中的个人身份信息、账户号码或受限词汇。阻止或清理。
3
通过 MCP 沙盒路由
将清理后的查询通过 Scavio 的 MCP 服务器发送。代理无法直接访问互联网。
4
记录审计日志
在合规审计日志中记录查询、响应元数据、代理 ID 和时间戳。
5
返回过滤后的结果
在剥离违反合规政策的内容后,将搜索结果返回给代理。
Python 实现
Python
import requests, os, json, re, logging
from datetime import datetime
API_KEY = os.environ["SCAVIO_API_KEY"]
MCP_URL = "https://mcp.scavio.dev/mcp"
MH = {"Authorization": f"Bearer {API_KEY}", "Content-Type": "application/json"}
logging.basicConfig(filename="financial_audit.log", level=logging.INFO)
PII_PATTERNS = [
r"\b\d{3}-\d{2}-\d{4}\b", # SSN
r"\b\d{16}\b", # Credit card
r"\b[A-Z]{2}\d{6,10}\b", # Account numbers
]
def sanitize_query(query: str) -> str:
for pattern in PII_PATTERNS:
if re.search(pattern, query):
raise ValueError(f"Query contains PII matching pattern: {pattern}")
return query
def secure_search(query: str, agent_id: str) -> dict:
clean_query = sanitize_query(query)
logging.info(json.dumps({"ts": datetime.now().isoformat(), "agent": agent_id, "query": clean_query, "action": "search"}))
payload = {
"jsonrpc": "2.0", "id": 1,
"method": "tools/call",
"params": {"name": "search", "arguments": {"query": clean_query, "country_code": "us"}}
}
resp = requests.post(MCP_URL, headers=MH, json=payload, timeout=15)
result = resp.json().get("result", {})
logging.info(json.dumps({"ts": datetime.now().isoformat(), "agent": agent_id, "result_size": len(str(result)), "action": "result"}))
return result
# Financial agent searches safely
try:
result = secure_search("AAPL Q2 2026 earnings report SEC", "fin-agent-002")
print(f"Search completed: {len(str(result))} chars")
except ValueError as e:
print(f"BLOCKED: {e}")JavaScript 实现
JavaScript
const MCP_URL = 'https://mcp.scavio.dev/mcp';
const MH = {'Authorization': 'Bearer '+process.env.SCAVIO_API_KEY, 'Content-Type': 'application/json'};
const PII_PATTERNS = [/\b\d{3}-\d{2}-\d{4}\b/, /\b\d{16}\b/, /\b[A-Z]{2}\d{6,10}\b/];
function auditLog(entry) { console.log('[AUDIT]', JSON.stringify({...entry, ts:new Date().toISOString()})); }
function sanitizeQuery(query) {
for (const p of PII_PATTERNS) { if (p.test(query)) throw new Error('Query contains PII'); }
return query;
}
async function secureSearch(query, agentId) {
const clean = sanitizeQuery(query);
auditLog({agent:agentId, query:clean, action:'search'});
const payload = {jsonrpc:'2.0', id:1, method:'tools/call', params:{name:'search', arguments:{query:clean, country_code:'us'}}};
const r = await fetch(MCP_URL, {method:'POST', headers:MH, body:JSON.stringify(payload)});
const result = (await r.json()).result || {};
auditLog({agent:agentId, resultSize:JSON.stringify(result).length, action:'result'});
return result;
}
try {
const result = await secureSearch('AAPL Q2 2026 earnings report SEC', 'fin-agent-002');
console.log('Search completed: '+JSON.stringify(result).length+' chars');
} catch (e) { console.log('BLOCKED: '+e.message); }使用的平台
包含知识图谱、PAA和AI概览的网页搜索