A privacy layer for Claude Code pentest workflows. Automatically detects PII (IPs, emails, API keys, person names, orgs, locations) using regex and NER, swaps them for deterministic fake values, and maintains a bidirectional mapping table. The redact_proxy_request tool deobfuscates outbound HTTP requests, makes the real call to target systems, then obfuscates the response before Claude sees it. Includes redact_read_file for sanitizing input files and redact_export for reversing obfuscation in final deliverables. Optional JSONL audit logging captures every transformation with full before/after text. Useful when you need Claude to analyze scan results or API responses without sending client infrastructure details to an LLM provider.
claude mcp add --transport stdio r3352-redact-mcp uvx redact-mcp