feat(core): Add recordInputs/recordOutputs options to MCP server wrapper (#18600)

Adds granular control over capturing tool/prompt inputs and outputs in
MCP server instrumentation.

**NOT a breaking change:** both options default to `sendDefaultPii`, so
existing behavior is preserved.


## Motivation

Previously, capturing MCP tool/prompt inputs and outputs required
enabling `sendDefaultPii: true`, which also enables capturing IP
addresses, user data, and other sensitive information.

Bbut MCP inputs/outputs are important and user will want to record them,
so it shouldn't require exposing all PII. This change decouples
input/output capture from the broader PII setting, giving users granular
control:

- Want inputs/outputs for debugging but not IP addresses? →
`recordInputs: true` + `sendDefaultPii: false`
- Want full PII including network info? → `sendDefaultPii: true` (same
as before)

## New Options for `wrapMcpServerWithSentry`

- `recordInputs`: Controls whether tool/prompt input arguments are
captured in spans
- `recordOutputs`: Controls whether tool/prompt output results are
captured in spans


## Usage

```typescript

const mcpServer = new McpServer({name: "my-server"})

// Default: inherits from sendDefaultPii
const server = wrapMcpServerWithSentry(mcpServer);

// Explicit control
const server = wrapMcpServerWithSentry(
  mcpServer,
  { recordInputs: true, recordOutputs: false }
);
```

### PII Simplification

- `piiFiltering.ts` now only handles network PII (`client.address`,
`client.port`, `mcp.resource.uri`)
- Input/output capture is controlled at the source via
`recordInputs`/`recordOutputs` rather than filtering after capture

## Files Changed

- `types.ts` - Added `McpServerWrapperOptions` type
- `index.ts` - Added options parameter with `sendDefaultPii` defaults
- `attributeExtraction.ts` - Conditional input argument capture
- `spans.ts` - Threading `recordInputs` through span creation
- `transport.ts` - Passing options to transport wrappers
- `correlation.ts` - Conditional output result capture
- `piiFiltering.ts` - Simplified to network PII only
- Tests updated accordingly

Closes #18603 (added automatically)

Author: betegon

packages/core/src/integrations/mcp-server/attributeExtraction.ts

@@ -14,15 +14,25 @@ import {
 import { extractTargetInfo, getRequestArguments } from './methodConfig';
 import type { JsonRpcNotification, JsonRpcRequest, McpSpanType } from './types';
 
+/**
+ * Formats logging data for span attributes
+ * @internal
+ */
+function formatLoggingData(data: unknown): string {
+  return typeof data === 'string' ? data : JSON.stringify(data);
+}
+
 /**
  * Extracts additional attributes for specific notification types
  * @param method - Notification method name
  * @param params - Notification parameters
+ * @param recordInputs - Whether to include actual content or just metadata
  * @returns Method-specific attributes for span instrumentation
  */
 export function getNotificationAttributes(
   method: string,
   params: Record<string, unknown>,
+  recordInputs?: boolean,
 ): Record<string, string | number> {
   const attributes: Record<string, string | number> = {};
 
@@ -45,10 +55,8 @@ export function getNotificationAttributes(
       }
       if (params?.data !== undefined) {
         attributes[MCP_LOGGING_DATA_TYPE_ATTRIBUTE] = typeof params.data;
-        if (typeof params.data === 'string') {
-          attributes[MCP_LOGGING_MESSAGE_ATTRIBUTE] = params.data;
-        } else {
-          attributes[MCP_LOGGING_MESSAGE_ATTRIBUTE] = JSON.stringify(params.data);
+        if (recordInputs) {
+          attributes[MCP_LOGGING_MESSAGE_ATTRIBUTE] = formatLoggingData(params.data);
         }
       }
       break;
@@ -95,12 +103,14 @@ export function getNotificationAttributes(
  * @param type - Span type (request or notification)
  * @param message - JSON-RPC message
  * @param params - Optional parameters for attribute extraction
+ * @param recordInputs - Whether to capture input arguments in spans
  * @returns Type-specific attributes for span instrumentation
  */
 export function buildTypeSpecificAttributes(
   type: McpSpanType,
   message: JsonRpcRequest | JsonRpcNotification,
   params?: Record<string, unknown>,
+  recordInputs?: boolean,
 ): Record<string, string | number> {
   if (type === 'request') {
     const request = message as JsonRpcRequest;
@@ -109,11 +119,11 @@ export function buildTypeSpecificAttributes(
     return {
       ...(request.id !== undefined && { [MCP_REQUEST_ID_ATTRIBUTE]: String(request.id) }),
       ...targetInfo.attributes,
-      ...getRequestArguments(request.method, params || {}),
+      ...(recordInputs ? getRequestArguments(request.method, params || {}) : {}),
     };
   }
 
-  return getNotificationAttributes(message.method, params || {});
+  return getNotificationAttributes(message.method, params || {}, recordInputs);
 }
 
 // Re-export buildTransportAttributes for spans.ts

packages/core/src/integrations/mcp-server/correlation.ts

@@ -6,14 +6,12 @@
  * request ID collisions between different MCP sessions.
  */
 
-import { getClient } from '../../currentScopes';
 import { SPAN_STATUS_ERROR } from '../../tracing';
 import type { Span } from '../../types-hoist/span';
 import { MCP_PROTOCOL_VERSION_ATTRIBUTE } from './attributes';
-import { filterMcpPiiFromSpanData } from './piiFiltering';
 import { extractPromptResultAttributes, extractToolResultAttributes } from './resultExtraction';
 import { buildServerAttributesFromInfo, extractSessionDataFromInitializeResponse } from './sessionExtraction';
-import type { MCPTransport, RequestId, RequestSpanMapValue } from './types';
+import type { MCPTransport, RequestId, RequestSpanMapValue, ResolvedMcpOptions } from './types';
 
 /**
  * Transport-scoped correlation system that prevents collisions between different MCP sessions
@@ -57,8 +55,14 @@ export function storeSpanForRequest(transport: MCPTransport, requestId: RequestI
  * @param transport - MCP transport instance
  * @param requestId - Request identifier
  * @param result - Execution result for attribute extraction
+ * @param options - Resolved MCP options
  */
-export function completeSpanWithResults(transport: MCPTransport, requestId: RequestId, result: unknown): void {
+export function completeSpanWithResults(
+  transport: MCPTransport,
+  requestId: RequestId,
+  result: unknown,
+  options: ResolvedMcpOptions,
+): void {
   const spanMap = getOrCreateSpanMap(transport);
   const spanData = spanMap.get(requestId);
   if (spanData) {
@@ -77,18 +81,10 @@ export function completeSpanWithResults(transport: MCPTransport, requestId: Requ
 
       span.setAttributes(initAttributes);
     } else if (method === 'tools/call') {
-      const rawToolAttributes = extractToolResultAttributes(result);
-      const client = getClient();
-      const sendDefaultPii = Boolean(client?.getOptions().sendDefaultPii);
-      const toolAttributes = filterMcpPiiFromSpanData(rawToolAttributes, sendDefaultPii);
-
+      const toolAttributes = extractToolResultAttributes(result, options.recordOutputs);
       span.setAttributes(toolAttributes);
     } else if (method === 'prompts/get') {
-      const rawPromptAttributes = extractPromptResultAttributes(result);
-      const client = getClient();
-      const sendDefaultPii = Boolean(client?.getOptions().sendDefaultPii);
-      const promptAttributes = filterMcpPiiFromSpanData(rawPromptAttributes, sendDefaultPii);
-
+      const promptAttributes = extractPromptResultAttributes(result, options.recordOutputs);
       span.setAttributes(promptAttributes);
     }
 

packages/core/src/integrations/mcp-server/index.ts

@@ -1,7 +1,8 @@
+import { getClient } from '../../currentScopes';
 import { fill } from '../../utils/object';
 import { wrapAllMCPHandlers } from './handlers';
 import { wrapTransportError, wrapTransportOnClose, wrapTransportOnMessage, wrapTransportSend } from './transport';
-import type { MCPServerInstance, MCPTransport } from './types';
+import type { MCPServerInstance, McpServerWrapperOptions, MCPTransport, ResolvedMcpOptions } from './types';
 import { validateMcpServerInstance } from './validation';
 
 /**
@@ -22,18 +23,26 @@ const wrappedMcpServerInstances = new WeakSet();
  * import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
  * import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
  *
+ * // Default: inputs/outputs captured based on sendDefaultPii option
  * const server = Sentry.wrapMcpServerWithSentry(
  *   new McpServer({ name: "my-server", version: "1.0.0" })
  * );
  *
+ * // Explicitly control input/output capture
+ * const server = Sentry.wrapMcpServerWithSentry(
+ *   new McpServer({ name: "my-server", version: "1.0.0" }),
+ *   { recordInputs: true, recordOutputs: false }
+ * );
+ *
  * const transport = new StreamableHTTPServerTransport();
  * await server.connect(transport);
  * ```
  *
  * @param mcpServerInstance - MCP server instance to instrument
+ * @param options - Optional configuration for recording inputs and outputs
  * @returns Instrumented server instance (same reference)
  */
-export function wrapMcpServerWithSentry<S extends object>(mcpServerInstance: S): S {
+export function wrapMcpServerWithSentry<S extends object>(mcpServerInstance: S, options?: McpServerWrapperOptions): S {
   if (wrappedMcpServerInstances.has(mcpServerInstance)) {
     return mcpServerInstance;
   }
@@ -43,6 +52,13 @@ export function wrapMcpServerWithSentry<S extends object>(mcpServerInstance: S):
   }
 
   const serverInstance = mcpServerInstance as MCPServerInstance;
+  const client = getClient();
+  const sendDefaultPii = Boolean(client?.getOptions().sendDefaultPii);
+
+  const resolvedOptions: ResolvedMcpOptions = {
+    recordInputs: options?.recordInputs ?? sendDefaultPii,
+    recordOutputs: options?.recordOutputs ?? sendDefaultPii,
+  };
 
   fill(serverInstance, 'connect', originalConnect => {
     return async function (this: MCPServerInstance, transport: MCPTransport, ...restArgs: unknown[]) {
@@ -52,8 +68,8 @@ export function wrapMcpServerWithSentry<S extends object>(mcpServerInstance: S):
         ...restArgs,
       );
 
-      wrapTransportOnMessage(transport);
-      wrapTransportSend(transport);
+      wrapTransportOnMessage(transport, resolvedOptions);
+      wrapTransportSend(transport, resolvedOptions);
       wrapTransportOnClose(transport);
       wrapTransportError(transport);
 

packages/core/src/integrations/mcp-server/piiFiltering.ts

@@ -1,71 +1,37 @@
 /**
  * PII filtering for MCP server spans
  *
- * Removes sensitive data when sendDefaultPii is false.
- * Uses configurable attribute filtering to protect user privacy.
+ * Removes network-level sensitive data when sendDefaultPii is false.
+ * Input/output data (request arguments, tool/prompt results) is controlled
+ * separately via recordInputs/recordOutputs options.
  */
 import type { SpanAttributeValue } from '../../types-hoist/span';
-import {
-  CLIENT_ADDRESS_ATTRIBUTE,
-  CLIENT_PORT_ATTRIBUTE,
-  MCP_LOGGING_MESSAGE_ATTRIBUTE,
-  MCP_PROMPT_RESULT_DESCRIPTION_ATTRIBUTE,
-  MCP_PROMPT_RESULT_MESSAGE_CONTENT_ATTRIBUTE,
-  MCP_PROMPT_RESULT_PREFIX,
-  MCP_REQUEST_ARGUMENT,
-  MCP_RESOURCE_URI_ATTRIBUTE,
-  MCP_TOOL_RESULT_CONTENT_ATTRIBUTE,
-  MCP_TOOL_RESULT_PREFIX,
-} from './attributes';
+import { CLIENT_ADDRESS_ATTRIBUTE, CLIENT_PORT_ATTRIBUTE, MCP_RESOURCE_URI_ATTRIBUTE } from './attributes';
 
 /**
- * PII attributes that should be removed when sendDefaultPii is false
+ * Network PII attributes that should be removed when sendDefaultPii is false
  * @internal
  */
-const PII_ATTRIBUTES = new Set([
-  CLIENT_ADDRESS_ATTRIBUTE,
-  CLIENT_PORT_ATTRIBUTE,
-  MCP_LOGGING_MESSAGE_ATTRIBUTE,
-  MCP_PROMPT_RESULT_DESCRIPTION_ATTRIBUTE,
-  MCP_PROMPT_RESULT_MESSAGE_CONTENT_ATTRIBUTE,
-  MCP_RESOURCE_URI_ATTRIBUTE,
-  MCP_TOOL_RESULT_CONTENT_ATTRIBUTE,
-]);
+const NETWORK_PII_ATTRIBUTES = new Set([CLIENT_ADDRESS_ATTRIBUTE, CLIENT_PORT_ATTRIBUTE, MCP_RESOURCE_URI_ATTRIBUTE]);
 
 /**
- * Checks if an attribute key should be considered PII.
+ * Checks if an attribute key should be considered network PII.
  *
  * Returns true for:
- * - Explicit PII attributes (client.address, client.port, mcp.logging.message, etc.)
- * - All request arguments (mcp.request.argument.*)
- * - Tool and prompt result content (mcp.tool.result.*, mcp.prompt.result.*) except metadata
- *
- * Preserves metadata attributes ending with _count, _error, or .is_error as they don't contain sensitive data.
+ * - client.address (IP address)
+ * - client.port (port number)
+ * - mcp.resource.uri (potentially sensitive URIs)
  *
  * @param key - Attribute key to evaluate
- * @returns true if the attribute should be filtered out (is PII), false if it should be preserved
+ * @returns true if the attribute should be filtered out (is network PII), false if it should be preserved
  * @internal
  */
-function isPiiAttribute(key: string): boolean {
-  if (PII_ATTRIBUTES.has(key)) {
-    return true;
-  }
-
-  if (key.startsWith(`${MCP_REQUEST_ARGUMENT}.`)) {
-    return true;
-  }
-
-  if (key.startsWith(`${MCP_TOOL_RESULT_PREFIX}.`) || key.startsWith(`${MCP_PROMPT_RESULT_PREFIX}.`)) {
-    if (!key.endsWith('_count') && !key.endsWith('_error') && !key.endsWith('.is_error')) {
-      return true;
-    }
-  }
-
-  return false;
+function isNetworkPiiAttribute(key: string): boolean {
+  return NETWORK_PII_ATTRIBUTES.has(key);
 }
 
 /**
- * Removes PII attributes from span data when sendDefaultPii is false
+ * Removes network PII attributes from span data when sendDefaultPii is false
  * @param spanData - Raw span attributes
  * @param sendDefaultPii - Whether to include PII data
  * @returns Filtered span attributes
@@ -80,7 +46,7 @@ export function filterMcpPiiFromSpanData(
 
   return Object.entries(spanData).reduce(
     (acc, [key, value]) => {
-      if (!isPiiAttribute(key)) {
+      if (!isNetworkPiiAttribute(key)) {
         acc[key] = value as SpanAttributeValue;
       }
       return acc;