kustodyan-mcp
This server is an MCP interface for the Kustodyan data-protection API, enabling AI agents and applications to manage sensitive data through contextual transformations (encryption, tokenization, anonymization, masking) configured server-side based on roles and actions.
Protect data (
protect): Encrypt, tokenize, anonymize, or mask field values for a given role — the exact technique is determined by server-side configuration per(className, propertyName).Unprotect data (
unprotect): Reverse a protection to recover the original cleartext value for a permitted role — ⚠️ returns sensitive cleartext and should be handled with care.Search tokens (
search): Generate a search token for a value to match against stored protected data without exposing the raw value.Low-level transform (
transform): Send a fully-formed Engine transform payload for advanced use cases involving multiple contexts, dependency contexts, or custom rights.Validate transforms (
validate_transform): Statically validate a transform payload locally before sending it to the Engine, checking required fields, evidence shape, and context references.Identity/credential check (
whoami): Inspect non-sensitive JWT claims (client ID, scope, expiry) to confirm credentials and environment configuration.Health check (
health): Verify that the Identity and Engine APIs are reachable and functional.Discover the data model (
list_data_model): List all configured classes, properties, roles, and supported actions to understand what can be protected and how.Access guides & prompts: Retrieve best-practice guidance via MCP resources and follow the
protect_recordprompt for safe PII protection.Multiple transports: Operates via
stdiofor local use or streamable HTTP for hosted deployments.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@kustodyan-mcpprotect the PII fields in this record for role 'analyst'"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
kustodyan-mcp
A Model Context Protocol server for the Kustodyan data-protection API (powered by the RegData Protection Suite). It lets AI agents and applications protect, unprotect and search sensitive data through Kustodyan's contextual transform engine — so data is tokenized, encrypted, anonymized or masked according to who is asking (a role) and what operation is requested, with every call auditable.
It speaks two transports from one binary:
stdio (default) — for local use (
node dist/server.jsafter a build)streamable HTTP — for hosting behind a reverse proxy (set
KUSTODYAN_MCP_TRANSPORT=http)
What it does
The Kustodyan Engine exposes a single transform operation; behaviour is selected by
evidence you send — a Role (who) and an Action (Protect / Unprotect / Search)
— plus the (className, propertyName) of each value. The transformation technique
(encryption, tokenization, anonymization, masking) is configured server-side, never chosen
by the caller. This server wraps that model in ergonomic tools.
Tools
Tool | Purpose |
| Protect field values for a role (encrypt / tokenize / anonymize per config). |
| Reverse a protection to recover the original — returns cleartext, treat as sensitive. |
| Get a search token to match against a stored protected value. |
| Low-level escape hatch: send a full Engine transform payload. |
| Statically validate a transform payload before sending. |
| Confirm credentials and the configured environment (decoded token claims). |
| Check Identity + Engine reachability. |
| Discover the configured classes, properties, roles and actions. |
Resources & prompts
kustodyan://guide/contextualisation— how Role/Action evidence drives transforms.kustodyan://guide/best-practices— safe, effective use of protect/unprotect.kustodyan://data-model— the configured data-model manifest.Prompt
protect_record— guides an assistant to protect a record's PII safely.
Related MCP server: Shrike Security MCP Server
Configuration (environment)
Variable | Required | Description |
| yes | e.g. |
| yes | e.g. |
| yes | Engine API client id (from the CoreAdmin portal) |
| yes | Engine API client secret |
| no | Path to a data-model manifest JSON (classes/properties/roles) |
| no |
|
| no | HTTP bind (default |
Run locally (stdio)
npm install && npm run build
KUSTODYAN_IDENTITY_URL=https://<env>.kustodyan.io/api/identity \
KUSTODYAN_ENGINE_URL=https://<env>.kustodyan.io/api/engine \
KUSTODYAN_CLIENT_ID=... KUSTODYAN_CLIENT_SECRET=... \
node dist/server.jsMCP client config (stdio):
{
"mcpServers": {
"kustodyan": {
"command": "node",
"args": ["/path/to/kustodyan-mcp/dist/server.js"],
"env": {
"KUSTODYAN_IDENTITY_URL": "https://<env>.kustodyan.io/api/identity",
"KUSTODYAN_ENGINE_URL": "https://<env>.kustodyan.io/api/engine",
"KUSTODYAN_CLIENT_ID": "...",
"KUSTODYAN_CLIENT_SECRET": "..."
}
}
}
}Run hosted (HTTP, token-gated image)
The container serves streamable HTTP behind an nginx bearer-token gate.
docker run -d -p 8080:8080 \
-e MCP_BEARER_TOKEN=<a long random secret> \
-e KUSTODYAN_IDENTITY_URL=https://<env>.kustodyan.io/api/identity \
-e KUSTODYAN_ENGINE_URL=https://<env>.kustodyan.io/api/engine \
-e KUSTODYAN_CLIENT_ID=... -e KUSTODYAN_CLIENT_SECRET=... \
<image>Point your MCP client at https://<host>/mcp, sending Authorization: Bearer <MCP_BEARER_TOKEN>
(or ?token=<MCP_BEARER_TOKEN>). GET /healthz is unauthenticated for probes.
Build
npm install
npm run build # -> dist/
npm start # stdioSafety notes
unprotectreturns cleartext. Never log it, persist it, or call it for an unauthorised role. Prefer a masking role when a partial value suffices.Discover the data model (
list_data_model) instead of guessingpropertyNames.Transform calls can succeed (HTTP 200) while individual fields carry a per-field
error— always inspect per-field results.
Documentation
docs/rps-api-contract.md— the verified Identity + Engine API contract (auth,/transformshape, error model) this server is built on.docs/searchable-encryption.md— the searchable-encryption guide: the scheme/leakage ladder, and the PROPE search-band contract (dependencyContext {method,min,max}, case-insensitive collation).
License
MIT
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/tillo/kustodyan-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server