npm - @treza/mcp - Versions diffs - 0.1.0 → 0.2.0 - Mend

@treza/mcp 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md CHANGED Viewed

@@ -38,6 +38,8 @@ treza-mcp
 |---|---|---|
 | `TREZA_BASE_URL` | `https://app.trezalabs.com` | Treza Platform API URL |
 | `TREZA_TIMEOUT` | `30000` | Request timeout in milliseconds |
+| `TREZA_API_KEY` | — | API key (`treza_live_...`) for authenticated tools like `treza_redact_text` and `treza_pii_audit_query` |
+| `TREZA_ACCOUNT` | — | Optional tenant account the API key belongs to |
 ## Available Tools
@@ -72,6 +74,16 @@ treza-mcp
 | `treza_list_api_keys` | List scoped API keys |
 | `treza_create_api_key` | Create a new API key with specific permissions |
+### PII & Redaction
+| Tool | Description |
+|---|---|
+| `treza_redact_text` | Redact PII from a text string via the redaction enclave; returns redacted text, detected entities, and mode (requires `TREZA_API_KEY` with `redact:run`) |
+| `treza_redact_chat_completions` | OpenAI-compatible chat completion with PII redacted before forwarding upstream; returns the provider response, request id, mode, and optional rehydration map (requires `TREZA_API_KEY` with `redact:proxy`) |
+| `treza_pii_scan` | Heuristically classify which fields in a JSON payload contain PII |
+| `treza_pii_workflow_check` | Audit a workflow definition for where PII flows in, is stripped, or leaks |
+| `treza_pii_audit_query` | Query the PII audit log for past workflow runs (requires `TREZA_API_KEY`) |
 ## MCP Resources
 The server also exposes browsable resources that give agents ambient context:

package/dist/handlers.js CHANGED Viewed

@@ -2,6 +2,22 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.handleToolCall = handleToolCall;
 const tools_1 = require("./tools");
+// Built-in PII field name heuristics (case-insensitive substring match)
+const PII_HEURISTICS = [
+    'name', 'firstname', 'lastname', 'fullname',
+    'email', 'phone', 'mobile', 'tel',
+    'dob', 'dateofbirth', 'birthdate', 'birthday', 'age',
+    'ssn', 'sin', 'nin', 'taxid', 'passport', 'license',
+    'address', 'street', 'city', 'zip', 'postcode', 'country',
+    'ip', 'deviceid', 'userid', 'nationalid', 'gender',
+    'salary', 'income', 'creditcard', 'cardnumber', 'iban',
+    'biometric', 'fingerprint', 'faceid',
+];
+function isPIIField(fieldName, customFields) {
+    const lower = fieldName.toLowerCase().replace(/[_\-\s]/g, '');
+    return (PII_HEURISTICS.some(h => lower.includes(h)) ||
+        customFields.some(f => lower.includes(f.toLowerCase().replace(/[_\-\s]/g, ''))));
+}
 function ok(data) {
     return {
         content: [{ type: 'text', text: JSON.stringify(data, null, 2) }],
@@ -154,6 +170,92 @@ async function handleToolCall(client, toolName, args) {
                     apiKey,
                 });
             }
+            // ── PII Redaction ───────────────────────────────────────────────
+            case 'treza_redact_text': {
+                const { text } = tools_1.redactTextSchema.parse(args);
+                const result = await client.redactText(text);
+                return ok(result);
+            }
+            case 'treza_redact_chat_completions': {
+                const { messages, model, modelKey, proxyId, rehydrate } = tools_1.redactChatCompletionsSchema.parse(args);
+                const result = await client.redactChatCompletions({ model, messages }, {
+                    ...(modelKey && { modelKey }),
+                    ...(proxyId && { proxyId }),
+                    ...(rehydrate && { rehydrate }),
+                });
+                return ok(result);
+            }
+            // ── PII Tracking ────────────────────────────────────────────────
+            case 'treza_pii_scan': {
+                const { payload, customPIIFields = [] } = tools_1.piiScanSchema.parse(args);
+                const fields = Object.keys(payload);
+                const piiFields = fields.filter(f => isPIIField(f, customPIIFields));
+                const nonPIIFields = fields.filter(f => !isPIIField(f, customPIIFields));
+                const riskLevel = piiFields.length === 0 ? 'none' : piiFields.length <= 2 ? 'low' : piiFields.length <= 5 ? 'medium' : 'high';
+                return ok({
+                    summary: {
+                        totalFields: fields.length,
+                        piiFieldCount: piiFields.length,
+                        riskLevel,
+                    },
+                    piiFields: piiFields.map(f => ({ field: f, classification: 'pii' })),
+                    nonPIIFields: nonPIIFields.map(f => ({ field: f, classification: 'non-pii' })),
+                    recommendation: piiFields.length > 0
+                        ? `This payload contains ${piiFields.length} PII field(s): ${piiFields.join(', ')}. Use PIIContext.fromObject() and declare requiresPII on each WorkflowStep to control where these fields flow.`
+                        : 'No PII detected. Safe to pass to any workflow step.',
+                });
+            }
+            case 'treza_pii_workflow_check': {
+                const { workflow, initialPayload = {} } = tools_1.piiWorkflowCheckSchema.parse(args);
+                const payloadFields = Object.keys(initialPayload);
+                const detectedPIIFields = payloadFields.filter(f => isPIIField(f, []));
+                const stepAnalysis = workflow.steps.map((step, index) => {
+                    const prevStepAllowed = index === 0
+                        ? detectedPIIFields
+                        : workflow.steps.slice(0, index).reduce((acc, s) => {
+                            return acc.filter(f => s.requiresPII.includes(f));
+                        }, detectedPIIFields);
+                    const piiThatWouldArrive = prevStepAllowed;
+                    const piiStripped = piiThatWouldArrive.filter(f => !step.requiresPII.includes(f));
+                    const violation = piiThatWouldArrive.length > 0 && step.requiresPII.length === 0;
+                    return {
+                        stepId: step.id,
+                        stepName: step.name,
+                        requiresPII: step.requiresPII,
+                        piiFieldsReceived: piiThatWouldArrive.filter(f => step.requiresPII.includes(f)),
+                        piiFieldsStripped: piiStripped,
+                        violation,
+                        violationNote: violation
+                            ? `PII fields [${piiThatWouldArrive.join(', ')}] are present in context but this step declares requiresPII: []. They will be stripped — verify this is intentional.`
+                            : null,
+                    };
+                });
+                const violations = stepAnalysis.filter(s => s.violation);
+                return ok({
+                    workflowId: workflow.id,
+                    workflowName: workflow.name,
+                    summary: {
+                        totalSteps: workflow.steps.length,
+                        stepsReceivingPII: stepAnalysis.filter(s => s.piiFieldsReceived.length > 0).length,
+                        violations: violations.length,
+                        status: violations.length === 0 ? 'clean' : 'violations_detected',
+                    },
+                    steps: stepAnalysis,
+                    ...(violations.length > 0 && {
+                        actionRequired: `${violations.length} step(s) will silently strip PII. Review these steps to confirm requiresPII is correctly declared.`,
+                    }),
+                });
+            }
+            case 'treza_pii_audit_query': {
+                const { workflowId, walletAddress, violationsOnly, limit = 50 } = tools_1.piiAuditQuerySchema.parse(args);
+                const data = await client.queryPIIAudit({
+                    workflowId: workflowId ?? undefined,
+                    walletAddress: walletAddress ?? undefined,
+                    violations: violationsOnly ?? false,
+                    limit: Math.min(limit, 500),
+                });
+                return ok(data);
+            }
             default:
                 return err(`Unknown tool: ${toolName}`);
         }

package/dist/index.js CHANGED Viewed

@@ -9,13 +9,18 @@ const handlers_1 = require("./handlers");
 const resources_1 = require("./resources");
 const TREZA_BASE_URL = process.env.TREZA_BASE_URL || 'https://app.trezalabs.com';
 const TREZA_TIMEOUT = parseInt(process.env.TREZA_TIMEOUT || '30000', 10);
+// Authenticated endpoints (e.g. /api/pii/audit) need an API key + account
+const TREZA_API_KEY = process.env.TREZA_API_KEY;
+const TREZA_ACCOUNT = process.env.TREZA_ACCOUNT || process.env.TREZA_WALLET;
 const client = new treza_client_1.TrezaClient({
     baseUrl: TREZA_BASE_URL,
     timeout: TREZA_TIMEOUT,
+    apiKey: TREZA_API_KEY,
+    account: TREZA_ACCOUNT,
 });
 const server = new mcp_js_1.McpServer({
     name: 'treza-enclaves',
-    version: '0.1.0',
+    version: '0.2.0',
 });
 // ─── Register Tools ─────────────────────────────────────────────────────────
 for (const tool of tools_1.TOOL_DEFINITIONS) {

package/dist/resources.js CHANGED Viewed

@@ -27,6 +27,12 @@ exports.RESOURCE_TEMPLATES = [
         description: 'Quick verification status and trust level for an enclave',
         mimeType: 'application/json',
     },
+    {
+        uriTemplate: 'treza://pii/audit/{workflowId}',
+        name: 'PII Audit Log',
+        description: 'PII access events for a specific workflow, showing which fields were present, allowed, and stripped at each step boundary. Violations are flagged where PII flowed into a step that declared requiresPII: [].',
+        mimeType: 'application/json',
+    },
 ];
 async function handleResourceRead(client, uri) {
     const url = new URL(uri);
@@ -55,5 +61,11 @@ async function handleResourceRead(client, uri) {
         const status = await client.getVerificationStatus(enclaveId);
         return JSON.stringify(status, null, 2);
     }
+    // treza://pii/audit/{workflowId}
+    if (url.host === 'pii' && pathParts.length === 2 && pathParts[0] === 'audit') {
+        const workflowId = pathParts[1];
+        const data = await client.queryPIIAudit({ workflowId });
+        return JSON.stringify(data, null, 2);
+    }
     throw new Error(`Unknown resource URI: ${uri}`);
 }

package/dist/tools.d.ts CHANGED Viewed

@@ -187,6 +187,131 @@ export declare const createApiKeySchema: z.ZodObject<{
     name: string;
     permissions: ("enclaves:read" | "enclaves:write" | "tasks:read" | "tasks:write" | "logs:read")[];
 }>;
+export declare const piiScanSchema: z.ZodObject<{
+    payload: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+    customPIIFields: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+}, "strip", z.ZodTypeAny, {
+    payload: Record<string, unknown>;
+    customPIIFields?: string[] | undefined;
+}, {
+    payload: Record<string, unknown>;
+    customPIIFields?: string[] | undefined;
+}>;
+export declare const piiWorkflowCheckSchema: z.ZodObject<{
+    workflow: z.ZodObject<{
+        id: z.ZodString;
+        name: z.ZodString;
+        steps: z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            name: z.ZodString;
+            requiresPII: z.ZodArray<z.ZodString, "many">;
+        }, "strip", z.ZodTypeAny, {
+            name: string;
+            id: string;
+            requiresPII: string[];
+        }, {
+            name: string;
+            id: string;
+            requiresPII: string[];
+        }>, "many">;
+    }, "strip", z.ZodTypeAny, {
+        name: string;
+        id: string;
+        steps: {
+            name: string;
+            id: string;
+            requiresPII: string[];
+        }[];
+    }, {
+        name: string;
+        id: string;
+        steps: {
+            name: string;
+            id: string;
+            requiresPII: string[];
+        }[];
+    }>;
+    initialPayload: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, "strip", z.ZodTypeAny, {
+    workflow: {
+        name: string;
+        id: string;
+        steps: {
+            name: string;
+            id: string;
+            requiresPII: string[];
+        }[];
+    };
+    initialPayload?: Record<string, unknown> | undefined;
+}, {
+    workflow: {
+        name: string;
+        id: string;
+        steps: {
+            name: string;
+            id: string;
+            requiresPII: string[];
+        }[];
+    };
+    initialPayload?: Record<string, unknown> | undefined;
+}>;
+export declare const redactTextSchema: z.ZodObject<{
+    text: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    text: string;
+}, {
+    text: string;
+}>;
+export declare const redactChatCompletionsSchema: z.ZodObject<{
+    messages: z.ZodArray<z.ZodObject<{
+        role: z.ZodString;
+        content: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        role: string;
+        content: string;
+    }, {
+        role: string;
+        content: string;
+    }>, "many">;
+    model: z.ZodDefault<z.ZodString>;
+    modelKey: z.ZodOptional<z.ZodString>;
+    proxyId: z.ZodOptional<z.ZodString>;
+    rehydrate: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    messages: {
+        role: string;
+        content: string;
+    }[];
+    model: string;
+    modelKey?: string | undefined;
+    proxyId?: string | undefined;
+    rehydrate?: boolean | undefined;
+}, {
+    messages: {
+        role: string;
+        content: string;
+    }[];
+    model?: string | undefined;
+    modelKey?: string | undefined;
+    proxyId?: string | undefined;
+    rehydrate?: boolean | undefined;
+}>;
+export declare const piiAuditQuerySchema: z.ZodObject<{
+    workflowId: z.ZodOptional<z.ZodString>;
+    walletAddress: z.ZodOptional<z.ZodString>;
+    violationsOnly: z.ZodOptional<z.ZodBoolean>;
+    limit: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    walletAddress?: string | undefined;
+    limit?: number | undefined;
+    workflowId?: string | undefined;
+    violationsOnly?: boolean | undefined;
+}, {
+    walletAddress?: string | undefined;
+    limit?: number | undefined;
+    workflowId?: string | undefined;
+    violationsOnly?: boolean | undefined;
+}>;
 export interface ToolDefinition {
     name: string;
     description: string;

package/dist/tools.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TOOL_DEFINITIONS = exports.createApiKeySchema = exports.listApiKeysSchema = exports.createTaskSchema = exports.listTasksSchema = exports.getProviderSchema = exports.listProvidersSchema = exports.getVerificationStatusSchema = exports.verifyAttestationSchema = exports.getAttestationSchema = exports.getEnclaveLogsSchema = exports.enclaveActionSchema = exports.deleteEnclaveSchema = exports.updateEnclaveSchema = exports.createEnclaveSchema = exports.getEnclaveSchema = exports.listEnclavesSchema = void 0;
+exports.TOOL_DEFINITIONS = exports.piiAuditQuerySchema = exports.redactChatCompletionsSchema = exports.redactTextSchema = exports.piiWorkflowCheckSchema = exports.piiScanSchema = exports.createApiKeySchema = exports.listApiKeysSchema = exports.createTaskSchema = exports.listTasksSchema = exports.getProviderSchema = exports.listProvidersSchema = exports.getVerificationStatusSchema = exports.verifyAttestationSchema = exports.getAttestationSchema = exports.getEnclaveLogsSchema = exports.enclaveActionSchema = exports.deleteEnclaveSchema = exports.updateEnclaveSchema = exports.createEnclaveSchema = exports.getEnclaveSchema = exports.listEnclavesSchema = void 0;
 const zod_1 = require("zod");
 /**
  * Zod schemas and metadata for all MCP tools exposed by the Treza server.
@@ -83,6 +83,42 @@ exports.createApiKeySchema = zod_1.z.object({
     permissions: zod_1.z.array(zod_1.z.enum(['enclaves:read', 'enclaves:write', 'tasks:read', 'tasks:write', 'logs:read'])).describe('Array of permission scopes'),
     walletAddress: zod_1.z.string().describe('Wallet address for authorization'),
 });
+// ─── PII Tracking ────────────────────────────────────────────────────────────
+exports.piiScanSchema = zod_1.z.object({
+    payload: zod_1.z.record(zod_1.z.unknown()).describe('The JSON object (agent context or step input) to scan for PII fields'),
+    customPIIFields: zod_1.z.array(zod_1.z.string()).optional().describe('Additional field names to treat as PII beyond the built-in heuristics (e.g. ["employeeId", "taxId"])'),
+});
+exports.piiWorkflowCheckSchema = zod_1.z.object({
+    workflow: zod_1.z.object({
+        id: zod_1.z.string().describe('Workflow identifier'),
+        name: zod_1.z.string().describe('Human-readable workflow name'),
+        steps: zod_1.z.array(zod_1.z.object({
+            id: zod_1.z.string(),
+            name: zod_1.z.string(),
+            requiresPII: zod_1.z.array(zod_1.z.string()).describe('PII field names this step is allowed to receive'),
+        })).describe('Ordered list of workflow steps with their PII declarations'),
+    }).describe('Workflow definition to analyse'),
+    initialPayload: zod_1.z.record(zod_1.z.unknown()).optional().describe('The data object that will be passed into the first step, used to show which fields are affected'),
+});
+exports.redactTextSchema = zod_1.z.object({
+    text: zod_1.z.string().describe('The text to redact. PII is detected and replaced with typed placeholders (e.g. [EMAIL_1]).'),
+});
+exports.redactChatCompletionsSchema = zod_1.z.object({
+    messages: zod_1.z.array(zod_1.z.object({
+        role: zod_1.z.string().describe('Message role (e.g. "system", "user", "assistant")'),
+        content: zod_1.z.string().describe('Message content; PII is redacted before forwarding upstream'),
+    })).describe('OpenAI-style chat messages'),
+    model: zod_1.z.string().default('gpt-4o-mini').describe('Upstream model name'),
+    modelKey: zod_1.z.string().optional().describe('Upstream provider API key (x-model-key). Omit when the selected proxy stores one.'),
+    proxyId: zod_1.z.string().optional().describe('Configured redaction proxy id (x-treza-proxy) carrying the upstream URL, stored key, and policy'),
+    rehydrate: zod_1.z.boolean().optional().describe('When true, also return the placeholder → original map so values can be restored in the response'),
+});
+exports.piiAuditQuerySchema = zod_1.z.object({
+    workflowId: zod_1.z.string().optional().describe('Filter events by workflow ID'),
+    walletAddress: zod_1.z.string().optional().describe('Filter events by wallet address'),
+    violationsOnly: zod_1.z.boolean().optional().describe('If true, return only events where PII flowed into a step that declared requiresPII: []'),
+    limit: zod_1.z.number().optional().describe('Maximum number of events to return (default 50, max 500)'),
+});
 exports.TOOL_DEFINITIONS = [
     {
         name: 'treza_list_enclaves',
@@ -164,4 +200,29 @@ exports.TOOL_DEFINITIONS = [
         description: 'Create a new scoped API key for programmatic access to the Treza platform. Returns the key only once — store it securely.',
         schema: exports.createApiKeySchema,
     },
+    {
+        name: 'treza_pii_scan',
+        description: 'Scan a JSON payload for fields that likely contain Personally Identifiable Information (PII). Uses built-in heuristics (name, email, dob, ssn, address, passport, etc.) plus any custom fields you supply. Returns a classified field list and a risk summary. Use this before passing context to a workflow step to understand what sensitive data is present.',
+        schema: exports.piiScanSchema,
+    },
+    {
+        name: 'treza_pii_workflow_check',
+        description: 'Analyse a full workflow definition and report which steps receive PII, which strip it, and flag any steps where PII would flow in despite the step declaring requiresPII: []. Use this to audit a workflow design before running it, or to document your data-flow for compliance purposes.',
+        schema: exports.piiWorkflowCheckSchema,
+    },
+    {
+        name: 'treza_redact_text',
+        description: 'Redact PII from a text string using the Treza redaction enclave. Returns the redacted text (PII replaced with typed placeholders like [EMAIL_1]), the detected entities, and the redaction mode (tee/standard). The original text is never stored or forwarded. Use this before sending agent context to an external LLM or storing it. Requires TREZA_API_KEY with the redact:run permission.',
+        schema: exports.redactTextSchema,
+    },
+    {
+        name: 'treza_redact_chat_completions',
+        description: 'OpenAI-compatible chat completion with PII redacted before the prompt is forwarded to the upstream model provider. Message content is stripped of PII, sent upstream, and the provider response is returned verbatim along with the Treza request id and mode. Pass rehydrate:true to also get the placeholder → original map so you can restore values in the response. Provide either modelKey (upstream key) or proxyId (a configured proxy that stores one). Requires TREZA_API_KEY with the redact:proxy permission.',
+        schema: exports.redactChatCompletionsSchema,
+    },
+    {
+        name: 'treza_pii_audit_query',
+        description: 'Query the PII audit log for past workflow runs. Returns PIIAccessEvent records showing which PII fields were present, allowed, and stripped at each step boundary. Filter by workflowId, walletAddress, or show only violation events where PII leaked into a step that should not have received it.',
+        schema: exports.piiAuditQuerySchema,
+    },
 ];

package/dist/treza-client.d.ts CHANGED Viewed

@@ -1,6 +1,10 @@
 export interface TrezaConfig {
     baseUrl?: string;
     timeout?: number;
+    /** Treza API key (treza_live_... / treza_test_...) — required for authenticated endpoints like /api/pii/audit. */
+    apiKey?: string;
+    /** Tenant account the API key belongs to; sent as the x-treza-account header. */
+    account?: string;
 }
 export declare class TrezaSdkError extends Error {
     readonly code?: string;
@@ -34,4 +38,33 @@ export declare class TrezaClient {
     createTask(request: Record<string, unknown>): Promise<any>;
     getApiKeys(walletAddress: string): Promise<any>;
     createApiKey(request: Record<string, unknown>): Promise<any>;
+    /**
+     * Redact PII from a text string via the redaction enclave (`POST /api/redact/run`).
+     * Requires an API key with the `redact:run` permission. The original text is
+     * never stored or forwarded.
+     */
+    redactText(text: string): Promise<any>;
+    /**
+     * OpenAI-compatible chat completions with PII redacted before forwarding
+     * upstream (`POST /api/redact/chat/completions`). Requires an API key with the
+     * `redact:proxy` permission and either a stored proxy key (via `proxyId`) or an
+     * upstream `modelKey`. Streaming is not supported here. Returns the upstream
+     * response body plus the Treza request id, mode, and (optional) rehydration map.
+     */
+    redactChatCompletions(request: Record<string, unknown>, options?: {
+        modelKey?: string;
+        proxyId?: string;
+        rehydrate?: boolean;
+    }): Promise<{
+        rehydration?: Record<string, string> | undefined;
+        data: any;
+        requestId: string;
+        mode: string;
+    }>;
+    queryPIIAudit(params: {
+        workflowId?: string;
+        walletAddress?: string;
+        violations?: boolean;
+        limit?: number;
+    }): Promise<any>;
 }

package/dist/treza-client.js CHANGED Viewed

@@ -20,10 +20,15 @@ exports.TrezaSdkError = TrezaSdkError;
  */
 class TrezaClient {
     constructor(config = {}) {
+        const headers = { 'Content-Type': 'application/json' };
+        if (config.apiKey)
+            headers['Authorization'] = `Bearer ${config.apiKey}`;
+        if (config.account)
+            headers['x-treza-account'] = config.account;
         this.client = axios_1.default.create({
             baseURL: config.baseUrl || 'https://app.trezalabs.com',
             timeout: config.timeout || 30000,
-            headers: { 'Content-Type': 'application/json' },
+            headers,
         });
         this.client.interceptors.response.use((r) => r, (error) => {
             if (error.response) {
@@ -109,5 +114,58 @@ class TrezaClient {
         const r = await this.client.post('/api/api-keys', request);
         return r.data.apiKey;
     }
+    // ── PII Redaction ──────────────────────────────────────────────────────────
+    /**
+     * Redact PII from a text string via the redaction enclave (`POST /api/redact/run`).
+     * Requires an API key with the `redact:run` permission. The original text is
+     * never stored or forwarded.
+     */
+    async redactText(text) {
+        const r = await this.client.post('/api/redact/run', { text });
+        return r.data;
+    }
+    /**
+     * OpenAI-compatible chat completions with PII redacted before forwarding
+     * upstream (`POST /api/redact/chat/completions`). Requires an API key with the
+     * `redact:proxy` permission and either a stored proxy key (via `proxyId`) or an
+     * upstream `modelKey`. Streaming is not supported here. Returns the upstream
+     * response body plus the Treza request id, mode, and (optional) rehydration map.
+     */
+    async redactChatCompletions(request, options = {}) {
+        const headers = {};
+        if (options.modelKey)
+            headers['x-model-key'] = options.modelKey;
+        if (options.proxyId)
+            headers['x-treza-proxy'] = options.proxyId;
+        if (options.rehydrate)
+            headers['x-treza-rehydrate'] = '1';
+        const r = await this.client.post('/api/redact/chat/completions', { ...request, stream: false }, { headers });
+        let rehydration;
+        const rehydrationHeader = r.headers['x-treza-rehydration'];
+        if (typeof rehydrationHeader === 'string' && rehydrationHeader) {
+            try {
+                rehydration = JSON.parse(rehydrationHeader);
+            }
+            catch {
+                rehydration = undefined;
+            }
+        }
+        return {
+            data: r.data,
+            requestId: r.headers['x-treza-request-id'] || '',
+            mode: r.headers['x-treza-mode'] || 'standard',
+            ...(rehydration ? { rehydration } : {}),
+        };
+    }
+    // ── PII Audit ────────────────────────────────────────────────────────────
+    async queryPIIAudit(params) {
+        const r = await this.client.get('/api/pii/audit', { params: {
+                ...(params.workflowId && { workflowId: params.workflowId }),
+                ...(params.walletAddress && { walletAddress: params.walletAddress }),
+                ...(params.violations && { violations: 'true' }),
+                limit: params.limit ?? 50,
+            } });
+        return r.data;
+    }
 }
 exports.TrezaClient = TrezaClient;

package/package.json CHANGED Viewed

@@ -1,7 +1,8 @@
 {
   "name": "@treza/mcp",
-  "version": "0.1.0",
-  "description": "Model Context Protocol server for Treza Enclaves — lets AI agents manage TEEs, verify attestations, and sign transactions",
+  "version": "0.2.0",
+  "mcpName": "io.github.treza-labs/treza",
+  "description": "Model Context Protocol server for Treza Enclaves — lets AI agents manage TEEs, verify attestations, redact PII, and sign transactions",
   "keywords": [
     "treza",
     "mcp",
@@ -10,7 +11,9 @@
     "enclaves",
     "tee",
     "attestation",
-    "nitro-enclaves"
+    "nitro-enclaves",
+    "pii",
+    "redaction"
   ],
   "homepage": "https://trezalabs.com",
   "repository": {