What is Response Filtering?
Inspecting and modifying MCP tool responses before they reach the agent. Response filtering can strip sensitive data, block certain patterns, redact information, or transform responses to comply with data governance policies.
WHY IT MATTERS
Policy enforcement does not end when the tool call is approved. The response from the MCP server may contain data the agent should not see — personally identifiable information, internal system details, credentials embedded in error messages, or sensitive business data that exceeds the agent's authorisation level.
Response filtering addresses this by inspecting the server's response at the proxy layer before passing it to the agent. Patterns matching sensitive data — email addresses, phone numbers, API keys, social security numbers — can be redacted or masked automatically. This prevents data leaking into the agent's context where it might be exposed in subsequent interactions.
Response filtering is also a defence against malicious MCP servers. A compromised server might embed prompt injection payloads in its responses, attempting to manipulate the agent. Response filtering can detect and strip these patterns before they reach the LLM, adding a layer of protection that the agent framework itself may lack.
HOW POLICYLAYER USES THIS
Intercept applies response filtering rules defined in YAML policies. After forwarding an approved tool call to the MCP server, Intercept inspects the response against configured filter rules — regex patterns to redact, fields to strip, and maximum response sizes to enforce. Filtered responses are logged with an indication that filtering was applied, preserving the audit trail while protecting sensitive data.
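The three rule types named above (regex redaction, field stripping, a maximum response size) can be sketched as follows. This is an added example, not PolicyLayer's or Intercept's code: the rule names, patterns, size limit and sample response are constructed assumptions, and the response uses the MCP tool-result shape (a `content` list of text items).

```python
import json
import re

# Hypothetical rule set: names, patterns and limit are assumptions, not Intercept's schema.
REDACT_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "api_key": re.compile(r"\b(?:sk|pk)_[A-Za-z0-9_]{16,}\b"),  # illustrative key format
}
STRIP_FIELDS = {"internal_trace", "debug"}
MAX_RESPONSE_BYTES = 4096

def _walk(node, hits):
    """Recursively drop denied fields and redact pattern matches in every string."""
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            if key in STRIP_FIELDS:
                hits.append(f"strip:{key}")
                continue
            out[key] = _walk(value, hits)
        return out
    if isinstance(node, list):
        return [_walk(item, hits) for item in node]
    if isinstance(node, str):
        for name, pattern in REDACT_PATTERNS.items():
            node, count = pattern.subn(f"[REDACTED:{name}]", node)
            if count:
                hits.append(f"redact:{name}x{count}")
    return node  # filtered string, or a number/bool/None passed through unchanged

def filter_response(result):
    """Return (filtered_result, audit_record) for one MCP tool result dict."""
    hits = []
    filtered = _walk(result, hits)
    size = len(json.dumps(filtered).encode("utf-8"))
    if size > MAX_RESPONSE_BYTES:
        # Fail closed: block the oversized body instead of truncating mid-value.
        hits.append(f"oversize:{size}")
        filtered = {"content": [{"type": "text", "text": "[response blocked: size limit]"}],
                    "isError": True}
    # The audit record notes which rules fired, never the values they removed.
    return filtered, {"filtered": bool(hits), "actions": hits}

# Constructed sample tool result, for illustration only.
SAMPLE = {
    "content": [{"type": "text", "text":
                 "Contact jane.doe@example.com, SSN 123-45-6789, key sk_live_abcdefghijklmnop1234"}],
    "internal_trace": "db01.internal:5432",
    "isError": False,
}
```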