Skip to content

OpenMaskit

OpenMaskit is a local MCP proxy that sits between an AI agent (Claude Code, Cursor, Codex CLI) and the upstream MCP servers it talks to. It rewrites sensitive values in tool responses to stable aliases (host_1, email_2, api_key_1) before they reach the model, and swaps them back when the agent passes an alias into a subsequent tool call.

The model gets a coherent view of the world. The real values never leave your machine.


Why this exists

AI agents see everything an MCP tool returns. Database hostnames. Customer emails. Internal IDs. Webhook URLs. All of it lands in the context window — sent to the model provider, sometimes logged, sometimes used to train.

Even on a solo dev machine, that adds up fast. One conversation with Claude Code can put your Supabase project ID, your dev Postgres host, customer emails from a staging snapshot, and the contents of your Linear backlog into a context window you don't control.

OpenMaskit gives you a single chokepoint where the data flowing from your tools to the model can be masked, filtered, blocked, or rewritten — with rules you control.

What you can do with it

  • Mask field values in tool responses before they reach the model, and unmask aliases on the way back.
  • Strip fields entirely when even an alias is too much information.
  • Block tool calls whose arguments match dangerous patterns ("guardrails").
  • Inject or override arguments silently before forwarding ("injections").
  • Hide tools from the agent so they're not callable at all.
  • Audit every tool call — masked and unmasked, encrypted at rest.
  • Install upstream servers from a marketplace, or add custom ones via the UI.

The 60-second tour

# Install and run — uvx fetches Python if you don't have one.
curl -LsSf https://astral.sh/uv/install.sh | sh
uvx openmaskit

Then open the dashboard at http://127.0.0.1:9473, add an MCP server from the marketplace or paste a custom config, and point your AI agent at http://127.0.0.1:9474/{server}/mcp.

That's it. Open the Quickstart for a hands-on walkthrough.

Quickstart Concepts


Where things live

Topic Page
Install and first run Quickstart
Aliases, rules, mappers Concepts
openmaskit.yaml + env vars Configuration
Threat model + what's local Security model
Common questions FAQ

Status

OpenMaskit is early stage — pre-1.0, under active development, breaking changes are expected between minor versions. The 0.6.0 release added CSRF and Origin enforcement on the dashboard API and migrated the alias table primary key; see the CHANGELOG for details before upgrading.

Licensed under Apache-2.0. Source on GitHub.