restore_response

Restore placeholders in an LLM response back to original values.

Server Query Sanitizer vidoluco/query-sanitizer-mcp
Category Write
Risk class Medium
Parameters 00 required

What restore_response does on Query Sanitizer

AI agents use restore_response to create or update resources in Query Sanitizer — usually the action step of a workflow, after the agent has gathered context. Every call changes real data in your Query Sanitizer environment.

Why restore_response needs a policy

This tool modifies response data by substituting placeholders with original sensitive values, making it a Write operation (reversible modification). Severity is medium because misuse could expose redacted sensitive information if the restoration mapping is applied incorrectly or to unintended contexts, but the operation itself is reversible and doesn't delete or execute arbitrary code.

From the tool's definition Tool performs a transformation operation on LLM responses—replacing placeholders with original values. The description indicates it 'restore[s]' data, which is a modification of the response content.

Questions about restore_response

What does the restore_response tool do? +

Restore placeholders in an LLM response back to original values. It is categorised as a Write tool in the Query Sanitizer MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.

How do I enforce a policy on restore_response? +

Register the Query Sanitizer MCP server in PolicyLayer and add a rule for restore_response: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Query Sanitizer. Nothing to install.

What risk level is restore_response? +

restore_response is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.

Can I rate-limit restore_response? +

Yes. Add a rate_limit block to the restore_response rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block restore_response completely? +

Set action: deny in the PolicyLayer policy for restore_response. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides restore_response? +

restore_response is provided by the Query Sanitizer MCP server (vidoluco/query-sanitizer-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.

// LOOK UP ANOTHER SERVER

Every MCP server has a record like this.

Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.

Teams ship this data inside their own products. See what a licence covers →

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.