Response Redaction
AxonFlow automatically detects and redacts sensitive data in MCP connector responses before they reach your application. This provides a security layer that protects PII and other sensitive information.
How Redaction Works
When a connector returns data, AxonFlow:
- Scans Response Data: Recursively examines all fields in the response
- Pattern Matching: Applies regex patterns to detect sensitive data
- Validation: Runs validators (Luhn, checksum) to reduce false positives
- Redaction: Replaces sensitive values with the `[REDACTED]` placeholder
- Metadata: Records which fields were redacted in `redacted_fields`
Redacted Response Example
Original data from connector:
```json
{
  "customer_id": 12345,
  "name": "Jane Smith",
  "ssn": "123-45-6789",
  "credit_card": "4111-1111-1111-1111",
  "email": "[email protected]"
}
```
After redaction:
```json
{
  "customer_id": 12345,
  "name": "Jane Smith",
  "ssn": "[REDACTED]",
  "credit_card": "[REDACTED]",
  "email": "[email protected]"
}
```
Response metadata:
```json
{
  "redacted": true,
  "redacted_fields": [
    "data[0].ssn",
    "data[0].credit_card"
  ],
  "policy_info": {
    "redactions_applied": 2,
    "matched_policies": [
      {"policy_id": "pii-us-ssn", "policy_name": "US Social Security Number", "category": "pii-us", "severity": "critical", "action": "redact"},
      {"policy_id": "pii-global-credit-card", "policy_name": "Global Credit Card", "category": "pii-global", "severity": "critical", "action": "redact"}
    ]
  }
}
```
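The four-step pipeline described above (recursive scan, regex match, validator, placeholder plus path metadata), written out as an added Go example; this is not AxonFlow's own code. The two policies `pii-us-ssn` and `pii-global-credit-card` reuse the ids from the metadata example, but their regexes, the `Detector` and `Result` types, `RedactResponse` and the sample response are assumptions for illustration. The Luhn check and the SSA area/group/serial rules are the standard ones. The constructed `order_ref` value matches the SSN pattern but fails the serial rule, which is exactly the false positive the validation step exists to drop.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Detector is one policy: a pattern plus a validator that drops pattern hits
// failing a checksum or format rule (the false-positive filter).
type Detector struct {
	PolicyID  string
	Pattern   *regexp.Regexp
	Validator func(string) bool
}

// luhnValid applies the Luhn checksum to a 13-19 digit card number.
func luhnValid(s string) bool {
	digits := strings.NewReplacer("-", "", " ", "").Replace(s)
	if len(digits) < 13 || len(digits) > 19 {
		return false
	}
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d = d*2/10 + d*2%10 // doubled digit with its digits summed (18 -> 9)
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// ssnValid applies the SSA area/group/serial rules: area is never 000, 666
// or 9xx; group is never 00; serial is never 0000.
func ssnValid(s string) bool {
	p := strings.Split(s, "-")
	return len(p) == 3 && p[0] != "000" && p[0] != "666" &&
		!strings.HasPrefix(p[0], "9") && p[1] != "00" && p[2] != "0000"
}

// Two hypothetical policies; the regexes are assumptions, not AxonFlow's own.
var detectors = []Detector{
	{"pii-us-ssn", regexp.MustCompile(`^\d{3}-\d{2}-\d{4}$`), ssnValid},
	{"pii-global-credit-card", regexp.MustCompile(`^(?:\d[ -]?){12,18}\d$`), luhnValid},
}

// Result carries the redacted body plus JSON path -> policy id for each hit.
type Result struct {
	Redacted   bool
	Redactions map[string]string // e.g. "data[0].ssn" -> "pii-us-ssn"
	Body       []byte
}

// redact walks the decoded JSON depth-first, replaces every string that a
// detector matches and validates with "[REDACTED]", and records its path.
func redact(v interface{}, path string, r *Result) interface{} {
	switch x := v.(type) {
	case map[string]interface{}:
		out := make(map[string]interface{}, len(x))
		for k, e := range x {
			out[k] = redact(e, path+"."+k, r)
		}
		return out
	case []interface{}:
		out := make([]interface{}, len(x))
		for i, e := range x {
			out[i] = redact(e, fmt.Sprintf("%s[%d]", path, i), r)
		}
		return out
	case string:
		for _, d := range detectors {
			if d.Pattern.MatchString(x) && d.Validator(x) {
				r.Redactions[strings.TrimPrefix(path, ".")] = d.PolicyID
				return "[REDACTED]"
			}
		}
	}
	return v // numbers, booleans, null and clean strings pass through
}

// RedactResponse redacts a raw JSON connector response and reports what changed.
func RedactResponse(raw []byte) (Result, error) {
	var doc interface{}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return Result{}, err
	}
	r := Result{Redactions: map[string]string{}}
	body, err := json.Marshal(redact(doc, "", &r))
	r.Body, r.Redacted = body, len(r.Redactions) > 0
	return r, err
}

// Constructed sample; order_ref looks like an SSN but fails the serial rule.
const sampleResponse = `{"data":[{"customer_id":12345,"name":"Jane Smith","ssn":"123-45-6789","credit_card":"4111-1111-1111-1111","order_ref":"123-45-0000"}]}`
```

`RedactResponse` is the entry point: feed it the raw connector body and it returns the cleaned body together with the path-to-policy map from which `redacted_fields` and `matched_policies` can be built. Detection is applied to string leaves only, so numeric fields such as `customer_id` are never touched, and the first policy that both matches and validates wins.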
PII Categories
Global PII
| Type | Pattern | Validator |
|---|---|---|
| Credit Card | 13-19 digits | Luhn algorithm |
| Email | RFC 5322 pattern | Format check |
| Phone | International formats | Format check |
| IP Address | IPv4/IPv6 | Format check |
US PII
| Type | Pattern | Validator |
|---|---|---|
| SSN | XXX-XX-XXXX | Area/group rules |
| Driver's License | State-specific | Format check |
| Passport | 9 alphanumeric | Format check |
| Bank Routing | 9 digits | ABA checksum |
India PII
| Type | Pattern | Validator |
|---|---|---|
| Aadhaar | 12 digits | Verhoeff checksum |
| PAN | XXXXX0000X | Entity type check |
| Passport | X0000000 | Format check |
EU PII
| Type | Pattern | Validator |
|---|---|---|
| IBAN | Country-specific | MOD97 checksum |
| National ID | Country-specific | Format check |
| VAT Number | Country prefix | Format check |
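Two of the checksum validators named in the tables, written as an added Go example rather than AxonFlow's own code: the ABA routing-number check (weights 3, 7, 1 repeated across the nine digits, weighted sum divisible by 10) and the IBAN MOD 97 check from ISO 7064. The function names are assumptions; the routing number and IBAN used in the test are the widely published example values, not real accounts.

```go
package main

import "strings"

// abaValid checks a 9-digit US routing number: weights 3, 7, 1 repeat across
// the digits and the weighted sum must be divisible by 10.
func abaValid(routing string) bool {
	if len(routing) != 9 {
		return false
	}
	weights := [3]int{3, 7, 1}
	sum := 0
	for i := 0; i < 9; i++ {
		d := int(routing[i] - '0')
		if d > 9 { // not a digit (byte wrap-around lands above 9 too)
			return false
		}
		sum += d * weights[i%3]
	}
	return sum%10 == 0
}

// ibanValid implements the ISO 7064 MOD 97-10 check: move the first four
// characters to the end, replace each letter by 10..35, and the resulting
// number mod 97 must be 1. The remainder is accumulated per character, so no
// big-integer arithmetic is needed for 34-character IBANs.
func ibanValid(iban string) bool {
	s := strings.ToUpper(strings.ReplaceAll(iban, " ", ""))
	if len(s) < 15 || len(s) > 34 {
		return false
	}
	s = s[4:] + s[:4]
	rem := 0
	for i := 0; i < len(s); i++ {
		switch c := s[i]; {
		case c >= '0' && c <= '9':
			rem = (rem*10 + int(c-'0')) % 97
		case c >= 'A' && c <= 'Z':
			rem = (rem*100 + int(c-'A') + 10) % 97 // a letter contributes two digits
		default:
			return false
		}
	}
	return rem == 1
}
```

Both functions are pure and cheap, which is what makes them suitable as the validator stage: a regex proposes candidates and the checksum rejects the digit strings that merely look like a routing number or IBAN.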
Redaction Strategies
Full Redaction (Default)
Replaces the entire value:
```
123-45-6789 → [REDACTED]
```
Partial Redaction
Preserves part of the value for reference:
```
123-45-6789 → XXX-XX-6789
4111-1111-1111-1111 → XXXX-XXXX-XXXX-1111
```
Configure with REDACTION_STRATEGY=partial.
Hash Redaction
Replaces with a consistent hash for deduplication:
```
123-45-6789 → [HASH:a1b2c3d4]
```
Configure with REDACTION_STRATEGY=hash.
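The three strategies side by side, as an added Go example that is not AxonFlow's code. `ApplyStrategy`, the constant names and the choice of a keyed hash are assumptions: the page only says "consistent hash", and this example uses an HMAC under a per-deployment key so the 8-hex-character token stays stable for deduplication while someone who only sees the token cannot recover a low-entropy value such as an SSN by hashing every candidate.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
)

// Values of REDACTION_STRATEGY as described on this page.
const (
	StrategyFull    = "full"
	StrategyPartial = "partial"
	StrategyHash    = "hash"
)

// partialRedact keeps the last `keep` digits and replaces every other digit
// with X; separators such as '-' stay, so the shape of the value is preserved.
func partialRedact(value string, keep int) string {
	b := []byte(value)
	seen := 0
	for i := len(b) - 1; i >= 0; i-- {
		if b[i] < '0' || b[i] > '9' {
			continue // leave separators alone
		}
		if seen++; seen > keep {
			b[i] = 'X'
		}
	}
	return string(b)
}

// hashRedact returns a stable token for deduplication. A keyed HMAC (assumed
// here; the page only says "consistent hash") is used instead of a bare digest
// because SSNs and card numbers have too little entropy: an unkeyed hash of
// them can be reversed by hashing every candidate value.
func hashRedact(value string, key []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(value))
	return "[HASH:" + hex.EncodeToString(mac.Sum(nil))[:8] + "]"
}

// ApplyStrategy redacts a detected value using the configured strategy.
// Unknown strategy names fall back to full redaction, the safe default.
func ApplyStrategy(value, strategy string, key []byte) string {
	switch strategy {
	case StrategyPartial:
		return partialRedact(value, 4)
	case StrategyHash:
		return hashRedact(value, key)
	default:
		return "[REDACTED]"
	}
}
```

With the key held server-side, two responses containing the same SSN produce the same `[HASH:...]` token and can be correlated, but the token alone does not identify the person. Partial redaction keeps four trailing digits because that matches the examples above; keep in mind that the last four of an SSN are the part most often used as an identity check elsewhere, so the partial strategy is a usability trade-off rather than a privacy-neutral one.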
SDK Handling
Check for redacted fields in your application:
```go
// Go
resp, err := client.MCPQuery(ctx, req)
if err != nil {
	return err
}
if resp.Redacted {
	// Log redaction for audit
	log.Printf("Data redacted: %v", resp.RedactedFields)
	// Check if critical fields were redacted
	for _, field := range resp.RedactedFields {
		if strings.Contains(field, "required_field") {
			return errors.New("required field was redacted")
		}
	}
}
```
```typescript
// TypeScript
const resp = await client.mcpQuery(req);
if (resp.redacted) {
  // Handle redacted data
  console.warn("Some fields were redacted:", resp.redacted_fields);
  // Optionally notify user
  if (resp.redacted_fields?.some(f => f.includes("payment"))) {
    showMessage("Payment details are protected");
  }
}
```
Selective Redaction
Configure which categories to redact per tenant:
```sql
-- Only redact critical PII (SSN, credit cards)
INSERT INTO static_policies (tenant_id, category, severity, action_response)
VALUES ('tenant-1', 'pii-us', 'critical', 'redact');

-- Log but don't redact medium severity
INSERT INTO static_policies (tenant_id, category, severity, action_response)
VALUES ('tenant-1', 'pii-global', 'medium', 'log');
```
Bypassing Redaction
For authorized use cases, request unredacted data:
```json
{
  "connector": "postgres-demo",
  "statement": "SELECT * FROM customers",
  "options": {
    "bypass_redaction": true,
    "justification": "Customer support case #12345"
  }
}
```
Requires the `pii.bypass` permission; every bypass request is recorded in the audit trail together with its justification.
Performance
Redaction is optimized for minimal latency:
- Streaming Processing: Data processed as it's received
- Compiled Patterns: Regex patterns pre-compiled at startup
- Parallel Scanning: Multiple fields scanned concurrently
- Early Exit: Stops scanning when max redactions reached
Typical performance:
- 100 fields: <2ms
- 1000 fields: <10ms
- 10000 fields: <50ms
Audit Trail
All redactions are logged for compliance:
```json
{
  "event": "pii_redacted",
  "timestamp": "2026-01-09T12:00:00Z",
  "tenant_id": "tenant-1",
  "connector": "postgres-demo",
  "user_id": "user-123",
  "fields_redacted": ["ssn", "credit_card"],
  "policies_matched": ["pii-us-ssn", "pii-global-credit-card"]
}
```
Troubleshooting
False Positives
If legitimate data is being redacted:
- Check the `matched_policies` in the response
- Review the pattern configuration for that policy
- Add an exclusion pattern if needed:

```sql
UPDATE static_policies
SET exclude_pattern = 'test|sample|demo'
WHERE id = 'problematic-policy-id';
```
Missing Redactions
If sensitive data isn't being redacted:
- Verify the policy is enabled: `enabled = true`
- Check the phase: `phase IN ('response', 'both')`
- Check the severity threshold: `severity >= 'medium'`
- Verify the pattern matches your data format