redact_pii

Detect and MASK personally identifiable information in a document (PDF or image). USE THIS WHEN you need to know what PII a document contains, or to get a redacted copy before forwarding / logging / passing it to another model. Two layers: a deterministic regex+checksum pass for structured identi...

Server OpenWarrant https://www.stipple.sh/mcp
Category Read
Risk class Low
Parameters 40 required

What redact_pii does on OpenWarrant

AI agents call redact_pii to retrieve information from OpenWarrant without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.

ParameterTypeRequiredDescription
url object
filename string
bytes_b64 object
max_pages object

Parameters from the server's own tool schema.

Why redact_pii needs a policy

This is fundamentally a Read operation: the tool queries/analyzes document content to extract information (PII detection) and produces a derivative output (redacted copy) without modifying the original or causing irreversible side effects. While it processes sensitive data, the core action is inspection and non-destructive redaction.

From the tool's definition Tool DETECTS and MASKS PII in documents; description states 'get a redacted copy' and uses vision model to identify names, addresses, dates of birth, phone numbers, signatures.

Risk signalsAccepts file system path (filename) · Accepts URL/endpoint input (url)

Questions about redact_pii

What does the redact_pii tool do? +

Detect and MASK personally identifiable information in a document (PDF or image). USE THIS WHEN you need to know what PII a document contains, or to get a redacted copy before forwarding / logging / passing it to another model. Two layers: a deterministic regex+checksum pass for structured identifiers (emails, payment cards, SSN, PAN, ABN) and a vision model for the unstructured PII — names, addresses, dates of birth, phone numbers, and photo/signature presence. Provide the document ONE way: url (a public http(s) link, fetched server-side) or bytes_b64 (inline base64, plus filename). max_pages caps how many pages are read (default a few; ceiling 10). Returns {pii_found, by_type, items[] (type, masked preview, method), redacted_text, has_photo, has_signature}. Values are MASKED in the response — the raw PII is never returned. DETECTION coverage, not a guarantee: it may miss PII or over-flag, so review before relying on it for compliance. The document is never stored. It is categorised as a Read tool in the OpenWarrant MCP Server, which means it retrieves data without modifying state.

What parameters does redact_pii accept? +

redact_pii accepts 4 parameters: url, filename, bytes_b64, max_pages. The full parameter table on this page comes from the server's own tool schema.

How do I enforce a policy on redact_pii? +

Register the OpenWarrant MCP server in PolicyLayer and add a rule for redact_pii: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches OpenWarrant. Nothing to install.

What risk level is redact_pii? +

redact_pii is a Read tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit redact_pii? +

Yes. Add a rate_limit block to the redact_pii rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block redact_pii completely? +

Set action: deny in the PolicyLayer policy for redact_pii. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides redact_pii? +

redact_pii is provided by the OpenWarrant MCP server (https://www.stipple.sh/mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.