Problem
pii.py masks PII columns in dalgo_get_table_data but dalgo_get_chart_data has no masking:
```python
# warehouse.py — has PII masking ✅
async def dalgo_get_table_data(...):
    rows = resp.json()
    return json.dumps(mask_pii_in_rows(rows))

# charts.py — no PII masking ❌
async def dalgo_get_chart_data(chart_id: str) -> str:
    resp = await client.get(f"/api/charts/{chart_id}/data/")
    return format_response(resp)  # raw rows go straight to Claude
```
Chart queries execute arbitrary SQL and can return rows with the same PII columns (name, email, aadhaar, phone, etc.). This data flows directly into Claude's context window and to Anthropic's API.
What to do
Apply mask_pii_in_rows() in dalgo_get_chart_data:
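```python
import json

from dalgo_mcp.pii import mask_pii_in_rows


async def dalgo_get_chart_data(chart_id: str) -> str:
    resp = await client.get(f"/api/charts/{chart_id}/data/")
    if resp.status_code < 400:
        try:
            rows = resp.json()
        except ValueError:
            rows = None  # body is not JSON; fall through to format_response
        if isinstance(rows, list):
            # Mask outside the try block so a masking failure raises
            # instead of silently returning the unmasked rows.
            return json.dumps(mask_pii_in_rows(rows), indent=2, default=str)
    return format_response(resp)
```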
Context
MCP tool return values go directly into Claude's context window → Anthropic's API servers. For NGO partners handling beneficiary data, any PII in tool output is a data privacy risk.
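An added example, not code from the Dalgo project: a fail-closed variant of the fix above that goes beyond the list-only case by also masking rows wrapped in an object and withholding bodies that are not JSON. `mask_pii_in_rows` here is a stand-in with assumed behaviour, and `PII_COLUMNS`, `mask_payload`, `chart_tool_output` and the sample bodies are hypothetical.

```python
import json

# Assumed PII column names, taken from the examples in the issue text; the
# project's real list lives in pii.py, which this page does not show.
PII_COLUMNS = {"name", "email", "aadhaar", "phone"}
MASK = "***MASKED***"

# Constructed sample bodies (not real API output).
SAMPLE_LIST = '[{"email": "a@example.org", "district": "Pune"}]'
SAMPLE_WRAPPED = '{"data": [{"name": "Asha", "phone": "9999999999", "visits": 3}]}'


def mask_pii_in_rows(rows):
    """Stand-in for dalgo_mcp.pii.mask_pii_in_rows (behaviour assumed)."""
    return [
        {k: (MASK if k.lower() in PII_COLUMNS else v) for k, v in row.items()}
        for row in rows
    ]


def mask_payload(payload):
    """Mask every list of row dicts, wherever it sits in the decoded JSON."""
    if isinstance(payload, list):
        if payload and all(isinstance(r, dict) for r in payload):
            return mask_pii_in_rows(payload)
        return [mask_payload(item) for item in payload]
    if isinstance(payload, dict):
        return {k: mask_payload(v) for k, v in payload.items()}
    return payload


def chart_tool_output(status_code, body_text):
    """Return masked JSON or an error stub; the raw body is never returned."""
    if status_code >= 400:
        return json.dumps({"error": f"chart data request failed ({status_code})"})
    try:
        payload = json.loads(body_text)
    except ValueError:
        return json.dumps({"error": "chart data was not valid JSON; withheld"})
    return json.dumps(mask_payload(payload), indent=2, default=str)


if __name__ == "__main__":
    print(chart_tool_output(200, SAMPLE_WRAPPED))
```

A masking error in this variant raises instead of falling back to the unmasked response, so a bug in the masking path cannot send raw rows into the model context.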