masquerade

Masquerade acts as a privacy firewall for your documents by redacting sensitive information detected in PDFs. The MCP server integrates with Tinfoil (an isolated AI platform) to identify data such as names, emails, dates, and entities, then produces a redacted PDF and a summary including masked data, per-page redaction counts, and the redacted file path. To use it, run the configured MCP server to start the redaction tool, then invoke the MCP via your preferred interface to process a PDF by providing its file path. The workflow is designed so you can preview redactions before sending results to an LLM like Claude. The server exposes an endpoint that accepts a PDF path, performs the following steps: read the PDF, extract text, send the text to Tinfoil for sensitive data detection, apply redactions, generate a redacted PDF, and return a summary with the redacted file path and counts. You can then manually upload the redacted PDF to Claude for further querying if desired.

Prerequisites:

• Python 3.10 to 3.12
• A Python virtual environment tool (venv)
• An API key for Tinfoil
• Git and pip

Step-by-step installation:

1. Create and activate a Python virtual environment:

python3.12 -m venv pdfmcp
source pdfmcp/bin/activate
python --version

2. Install the Masquerade MCP package directly from GitHub:

pip install git+https://github.com/postralai/masquerade@main

3. Configure Claude (optional automation) and obtain the MCP script path as described in the repository documentation. Obtain a Tinfoil API key from your Tinfoil account.

4. Prepare the MCP configuration by pointing to your Python path and the MCP script, and set the environment variable for Tinfoil API key. Example configuration (adjust paths accordingly):

{
  "mcpServers": {
    "pdf-redaction": {
      "command": "/path/to/python", // Run `which python`
      "args": ["/path/to/mcp_pdf_redaction.py"], // Run `python -c ...`
      "env": {
        "TINFOIL_API_KEY": "your_api_key" // Create Tinfoil account and paste API key
      }
    }
  }
}

5. Run or integrate the MCP server using your preferred MCP runner or interface.

Notes and tips:

• The MCP is designed to work with Tinfoil for sensitive-data detection; ensure your TINFOIL_API_KEY is valid.
• Do not upload the original PDF to Claude; always provide only the file path for processing the redacted version.
• Ensure your Python version falls within the supported range (>=3.10, <=3.12).
• If you encounter environment/setup issues, re-check that the MCP script path and Python path are correct, and that the virtual environment is activated before launching the server.
• When testing, verify that the path to the input PDF is accessible by the MCP process, and that the redacted PDF is written to a writable location.
• The MCP can return a summary including masked versions of sensitive data, per-page redaction counts, and the path to the redacted file for easy downstream use.