Aegis Privacy MCP

Name: Aegis Privacy MCP
Author: io.github.Evozim

Run agent-bound text and document flows through a PII and secrets sanitization MCP before prompts, logs, or OCR pipelines leak customer data.

Overview

Aegis-Privacy-MCP (zero-leak) is an MCP server for the Ship phase that sanitizes PII and secrets—with OCR-aware merging—before agent workflows leak sensitive data.

What is this MCP server?

Aegis-Privacy-MCP (zero-leak) gateway for PII and secrets sanitization
Advanced OCR merging logic for mixed text extracted from images or scans
Remote SSE MCP with optional EIP-3009 premium payment-signature header
Designed as a sanitization layer autonomous agents can call before downstream tools
Catalog entry io.github.Evozim/zero-leak at version 1.0.0
Version 1.0.0 per server.json-style manifest
1 hosted remote SSE MCP endpoint
1 documented premium secret header: payment-signature (EIP-3009)

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

Agents ingest prompts, tickets, and OCR’d docs that accidentally carry emails, tokens, and credentials into logs or external models.

Who is it for?

Builders shipping agent features that touch user uploads, support transcripts, or scanned documents who need a consistent sanitization step.

Skip if: Organizations that require on-prem only data planes with no remote MCP, or teams that need certified compliance attestation without their own policy layer.

What do I get? / Deliverables

After you add the MCP gateway, agents can redact or block sensitive fields upstream so safer text proceeds to analysis, storage, or reply generation.

Central MCP sanitization step for agent pipelines
Reduced accidental PII/secrets exposure in prompts and OCR merges
Documented remote endpoint and header requirements for production agents

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

HSM-backed vault secrets for AI agents (JIT fetch) plus prompt-injection and threat scanning.2 stars

1passwordCakeRepository/1Password-MCP

MCP server for 1Password service accounts — tools and resources for vaults and credentials16 stars

402sentinel Mcpkaditang/402sentinel-mcp

Assess an x402 counterparty's risk BEFORE paying: allow/review/block, scored on-chain (Base).1 stars

A2a Governance Bridge Mcp

A2A Governance Bridge MCP server. Tools: verify agent compliance, authorize a2a transaction, get tru

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

Remote MCP for A2A dependency inspector MCP, structured receipts, audit logs, and reviewer-ready evi

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

Remote MCP for A2A caller identity, scope policy, verdict receipts, and audit history.

Journey fit

Primary fit

Primary shelf is ship/security because sanitization gates what you expose at release and in agent tool chains. Security subphase matches redacting PII/secrets and controlling data crossing model boundaries.

How it compares

Privacy sanitization MCP gateway, not a generic secret scanner CLI or penetration-test skill pack.

Common Questions / FAQ

Who is zero-leak (Aegis Privacy MCP) for?

Solo builders and small teams running MCP agents on customer-facing or internal data who must strip PII and secrets before LLM calls or logging.

When should I use zero-leak?

Use it before shipping agent tools that read OCR output, pasted logs, or ticket text, and when hardening operate workflows that reuse production snippets.

How do I add zero-leak to my agent?

Add the remote SSE MCP server URL (https://zero-leak-mcp.vercel.app/api/mcp) in your client configuration and configure the payment-signature header if your plan uses EIP-3009 premium access.

What is this MCP server?

Aegis-Privacy-MCP (zero-leak) gateway for PII and secrets sanitization

Advanced OCR merging logic for mixed text extracted from images or scans

Remote SSE MCP with optional EIP-3009 premium payment-signature header

Designed as a sanitization layer autonomous agents can call before downstream tools

Catalog entry io.github.Evozim/zero-leak at version 1.0.0

Version 1.0.0 per server.json-style manifest

1 hosted remote SSE MCP endpoint

1 documented premium secret header: payment-signature (EIP-3009)

Compatible agents: Claude Code, Cursor, Codex, Windsurf

Who is it for?

Builders shipping agent features that touch user uploads, support transcripts, or scanned documents who need a consistent sanitization step.

Skip if: Organizations that require on-prem only data planes with no remote MCP, or teams that need certified compliance attestation without their own policy layer.

What do I get? / Deliverables

After you add the MCP gateway, agents can redact or block sensitive fields upstream so safer text proceeds to analysis, storage, or reply generation.

Central MCP sanitization step for agent pipelines

Reduced accidental PII/secrets exposure in prompts and OCR merges

Documented remote endpoint and header requirements for production agents

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is zero-leak (Aegis Privacy MCP) for?

When should I use zero-leak?

How do I add zero-leak to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is zero-leak (Aegis Privacy MCP) for?

When should I use zero-leak?

How do I add zero-leak to my agent?