Implement PII filtering for MCP server spans. Introduce a new utility to remove sensitive data based on the sendDefaultPii setting.

Author: betegon

packages/core/src/integrations/mcp-server/correlation.ts

@@ -3,8 +3,10 @@
  * Handles mapping requestId to span data for correlation with handler execution
  */
 
+import { getClient } from '../../currentScopes';
 import { withActiveSpan } from '../../tracing';
 import type { Span } from '../../types-hoist/span';
+import { filterMcpPiiFromSpanData } from './piiFiltering';
 import type { RequestId, SessionId } from './types';
 
 // Simplified correlation system that works with or without sessionId
@@ -68,8 +70,12 @@ export function completeSpanWithResults(requestId: RequestId, result: unknown):
     };
 
     if (spanWithMethods.setAttributes && method === 'tools/call') {
-      // Add tool-specific attributes
-      const toolAttributes = extractToolResultAttributes(result);
+      // Add tool-specific attributes with PII filtering
+      const rawToolAttributes = extractToolResultAttributes(result);
+      const client = getClient();
+      const sendDefaultPii = Boolean(client?.getOptions().sendDefaultPii);
+      const toolAttributes = filterMcpPiiFromSpanData(rawToolAttributes, sendDefaultPii);
+
       spanWithMethods.setAttributes(toolAttributes);
 
       // Set span status based on tool result

packages/core/src/integrations/mcp-server/piiFiltering.ts

@@ -0,0 +1,33 @@
+/**
+ * PII filtering for MCP server spans
+ * Removes sensitive data when sendDefaultPii is false
+ */
+
+/** PII attributes that should be removed when sendDefaultPii is false */
+const PII_ATTRIBUTES = new Set([
+  'client.address',
+  'client.port',
+  'mcp.logging.message',
+  'mcp.resource.uri',
+  'mcp.tool.result.content',
+]);
+
+/**
+ * Removes PII attributes from span data when sendDefaultPii is false
+ */
+export function filterMcpPiiFromSpanData(
+  spanData: Record<string, unknown>,
+  sendDefaultPii: boolean,
+): Record<string, unknown> {
+  if (sendDefaultPii) {
+    return spanData; // Send everything when PII is allowed
+  }
+
+  // Use Object.fromEntries with filter for a more functional approach
+  return Object.fromEntries(
+    Object.entries(spanData).filter(([key]) => {
+      const isPiiAttribute = PII_ATTRIBUTES.has(key) || key.startsWith('mcp.request.argument.');
+      return !isPiiAttribute;
+    }),
+  );
+}

packages/core/src/integrations/mcp-server/spans.ts

@@ -2,6 +2,7 @@
  * Span creation and management functions for MCP server instrumentation
  */
 
+import { getClient } from '../../currentScopes';
 import {
   SEMANTIC_ATTRIBUTE_SENTRY_OP,
   SEMANTIC_ATTRIBUTE_SENTRY_ORIGIN,
@@ -18,6 +19,7 @@ import {
   MCP_ROUTE_SOURCE_VALUE,
   MCP_SERVER_OP_VALUE,
 } from './attributes';
+import { filterMcpPiiFromSpanData } from './piiFiltering';
 import type { ExtraHandlerData, JsonRpcNotification, JsonRpcRequest, McpSpanConfig, MCPTransport } from './types';
 
 /**
@@ -77,7 +79,7 @@ function createMcpSpan(config: McpSpanConfig): unknown {
   }
 
   // Build attributes
-  const attributes: Record<string, string | number> = {
+  const rawAttributes: Record<string, string | number> = {
     // Base attributes
     ...buildTransportAttributes(transport, extra),
     // Method name (required for all spans)
@@ -88,6 +90,11 @@ function createMcpSpan(config: McpSpanConfig): unknown {
     ...buildSentryAttributes(type),
   };
 
+  // Apply PII filtering based on sendDefaultPii setting
+  const client = getClient();
+  const sendDefaultPii = Boolean(client?.getOptions().sendDefaultPii);
+  const attributes = filterMcpPiiFromSpanData(rawAttributes, sendDefaultPii) as Record<string, string | number>;
+
   return startSpan(
     {
       name: spanName,
@@ -154,7 +161,7 @@ export function buildMcpServerSpanConfig(
   const spanName = createSpanName(method, targetInfo.target);
 
   // Build comprehensive attributes
-  const attributes: Record<string, string | number> = {
+  const rawAttributes: Record<string, string | number> = {
     // Base attributes
     ...buildTransportAttributes(transport, extra),
     // Method and request info
@@ -165,6 +172,11 @@ export function buildMcpServerSpanConfig(
     ...buildSentryAttributes('request'),
   };
 
+  // Apply PII filtering based on sendDefaultPii setting
+  const client = getClient();
+  const sendDefaultPii = Boolean(client?.getOptions().sendDefaultPii);
+  const attributes = filterMcpPiiFromSpanData(rawAttributes, sendDefaultPii) as Record<string, string | number>;
+
   return {
     name: spanName,
     op: MCP_SERVER_OP_VALUE,

packages/core/test/lib/mcp-server.test.ts

@@ -1,13 +1,22 @@
 import { beforeEach, describe, expect, it, vi } from 'vitest';
+import * as currentScopes from '../../src/currentScopes';
 import { wrapMcpServerWithSentry } from '../../src/integrations/mcp-server';
+import { filterMcpPiiFromSpanData } from '../../src/integrations/mcp-server/piiFiltering';
 import * as tracingModule from '../../src/tracing';
 
 describe('wrapMcpServerWithSentry', () => {
   const startSpanSpy = vi.spyOn(tracingModule, 'startSpan');
   const startInactiveSpanSpy = vi.spyOn(tracingModule, 'startInactiveSpan');
+  const getClientSpy = vi.spyOn(currentScopes, 'getClient');
 
   beforeEach(() => {
     vi.clearAllMocks();
+    // Mock client to return sendDefaultPii: true for instrumentation tests
+    getClientSpy.mockReturnValue({
+      getOptions: () => ({ sendDefaultPii: true }),
+      getDsn: () => ({ publicKey: 'test-key', host: 'test-host' }),
+      emit: vi.fn(),
+    } as any);
   });
 
   it('should return the same instance (modified) if it is a valid MCP server instance', () => {
@@ -709,6 +718,200 @@ describe('wrapMcpServerWithSentry', () => {
       );
     });
   });
+
+  describe('PII Filtering', () => {
+    let mockMcpServer: ReturnType<typeof createMockMcpServer>;
+    let wrappedMcpServer: ReturnType<typeof createMockMcpServer>;
+    let mockTransport: ReturnType<typeof createMockTransport>;
+
+    beforeEach(() => {
+      mockMcpServer = createMockMcpServer();
+      wrappedMcpServer = wrapMcpServerWithSentry(mockMcpServer);
+      mockTransport = createMockTransport();
+      mockTransport.sessionId = 'test-session-123';
+    });
+
+    it('should include PII data when sendDefaultPii is true', async () => {
+      // Mock client with sendDefaultPii: true
+      getClientSpy.mockReturnValue({
+        getOptions: () => ({ sendDefaultPii: true }),
+        getDsn: () => ({ publicKey: 'test-key', host: 'test-host' }),
+        emit: vi.fn(),
+      } as any);
+
+      await wrappedMcpServer.connect(mockTransport);
+
+      const jsonRpcRequest = {
+        jsonrpc: '2.0',
+        method: 'tools/call',
+        id: 'req-pii-true',
+        params: { name: 'weather', arguments: { location: 'London', units: 'metric' } },
+      };
+
+      const extraWithClientInfo = {
+        requestInfo: {
+          remoteAddress: '192.168.1.100',
+          remotePort: 54321,
+        },
+      };
+
+      mockTransport.onmessage?.(jsonRpcRequest, extraWithClientInfo);
+
+      expect(startInactiveSpanSpy).toHaveBeenCalledWith({
+        name: 'tools/call weather',
+        op: 'mcp.server',
+        forceTransaction: true,
+        attributes: expect.objectContaining({
+          'client.address': '192.168.1.100',
+          'client.port': 54321,
+          'mcp.request.argument.location': '"London"',
+          'mcp.request.argument.units': '"metric"',
+          'mcp.tool.name': 'weather',
+        }),
+      });
+    });
+
+    it('should exclude PII data when sendDefaultPii is false', async () => {
+      // Mock client with sendDefaultPii: false
+      getClientSpy.mockReturnValue({
+        getOptions: () => ({ sendDefaultPii: false }),
+        getDsn: () => ({ publicKey: 'test-key', host: 'test-host' }),
+        emit: vi.fn(),
+      } as any);
+
+      await wrappedMcpServer.connect(mockTransport);
+
+      const jsonRpcRequest = {
+        jsonrpc: '2.0',
+        method: 'tools/call',
+        id: 'req-pii-false',
+        params: { name: 'weather', arguments: { location: 'London', units: 'metric' } },
+      };
+
+      const extraWithClientInfo = {
+        requestInfo: {
+          remoteAddress: '192.168.1.100',
+          remotePort: 54321,
+        },
+      };
+
+      mockTransport.onmessage?.(jsonRpcRequest, extraWithClientInfo);
+
+      const callArgs = startInactiveSpanSpy.mock.calls[0][0];
+
+      // PII data should be filtered out
+      expect(callArgs.attributes).not.toHaveProperty('client.address');
+      expect(callArgs.attributes).not.toHaveProperty('client.port');
+      expect(callArgs.attributes).not.toHaveProperty('mcp.request.argument.location');
+      expect(callArgs.attributes).not.toHaveProperty('mcp.request.argument.units');
+
+      // Non-PII data should remain
+      expect(callArgs.attributes).toHaveProperty('mcp.tool.name', 'weather');
+      expect(callArgs.attributes).toHaveProperty('mcp.method.name', 'tools/call');
+    });
+
+    it('should filter tool result content when sendDefaultPii is false', async () => {
+      // Mock client with sendDefaultPii: false
+      getClientSpy.mockReturnValue({
+        getOptions: () => ({ sendDefaultPii: false }),
+      } as any);
+
+      await wrappedMcpServer.connect(mockTransport);
+
+      const mockSpan = {
+        setAttributes: vi.fn(),
+        setStatus: vi.fn(),
+        end: vi.fn(),
+      };
+      startInactiveSpanSpy.mockReturnValueOnce(mockSpan);
+
+      const toolCallRequest = {
+        jsonrpc: '2.0',
+        method: 'tools/call',
+        id: 'req-tool-result-filtered',
+        params: { name: 'weather-lookup' },
+      };
+
+      mockTransport.onmessage?.(toolCallRequest, {});
+
+      const toolResponse = {
+        jsonrpc: '2.0',
+        id: 'req-tool-result-filtered',
+        result: {
+          content: [{ type: 'text', text: 'Sensitive weather data for London' }],
+          isError: false,
+        },
+      };
+
+      mockTransport.send?.(toolResponse);
+
+      // Tool result content should be filtered out
+      const setAttributesCall = mockSpan.setAttributes.mock.calls[0][0];
+      expect(setAttributesCall).not.toHaveProperty('mcp.tool.result.content');
+      expect(setAttributesCall).toHaveProperty('mcp.tool.result.is_error', false);
+      expect(setAttributesCall).toHaveProperty('mcp.tool.result.content_count', 1);
+    });
+  });
+
+  describe('PII Filtering Function', () => {
+    it('should preserve all data when sendDefaultPii is true', () => {
+      const spanData = {
+        'client.address': '192.168.1.100',
+        'client.port': 54321,
+        'mcp.request.argument.location': '"San Francisco"',
+        'mcp.tool.result.content': 'Weather data: 18°C',
+        'mcp.logging.message': 'User requested weather',
+        'mcp.resource.uri': 'file:///private/docs/secret.txt',
+        'mcp.method.name': 'tools/call', // Non-PII should remain
+      };
+
+      const result = filterMcpPiiFromSpanData(spanData, true);
+
+      expect(result).toEqual(spanData); // All data preserved
+    });
+
+    it('should remove PII data when sendDefaultPii is false', () => {
+      const spanData = {
+        'client.address': '192.168.1.100',
+        'client.port': 54321,
+        'mcp.request.argument.location': '"San Francisco"',
+        'mcp.request.argument.units': '"celsius"',
+        'mcp.tool.result.content': 'Weather data: 18°C',
+        'mcp.logging.message': 'User requested weather',
+        'mcp.resource.uri': 'file:///private/docs/secret.txt',
+        'mcp.method.name': 'tools/call', // Non-PII should remain
+        'mcp.session.id': 'test-session-123', // Non-PII should remain
+      };
+
+      const result = filterMcpPiiFromSpanData(spanData, false);
+
+      expect(result).not.toHaveProperty('client.address');
+      expect(result).not.toHaveProperty('client.port');
+      expect(result).not.toHaveProperty('mcp.request.argument.location');
+      expect(result).not.toHaveProperty('mcp.request.argument.units');
+      expect(result).not.toHaveProperty('mcp.tool.result.content');
+      expect(result).not.toHaveProperty('mcp.logging.message');
+      expect(result).not.toHaveProperty('mcp.resource.uri');
+
+      expect(result).toHaveProperty('mcp.method.name', 'tools/call');
+      expect(result).toHaveProperty('mcp.session.id', 'test-session-123');
+    });
+
+    it('should handle empty span data', () => {
+      const result = filterMcpPiiFromSpanData({}, false);
+      expect(result).toEqual({});
+    });
+
+    it('should handle span data with no PII attributes', () => {
+      const spanData = {
+        'mcp.method.name': 'tools/list',
+        'mcp.session.id': 'test-session',
+      };
+
+      const result = filterMcpPiiFromSpanData(spanData, false);
+      expect(result).toEqual(spanData);
+    });
+  });
 });
 
 // Test helpers