Skip to main content
Field Controls give you deterministic, field-level governance over structured JSON tool output — independent of text-based detection. Instead of scanning payloads for patterns, you name exact field paths to either remove or keep from a specific tool’s response. Use field controls when:
  • You know the exact JSON field paths that contain sensitive data
  • You want to guarantee a field is always removed regardless of its content
  • You need an allow-only posture — strip every field except the ones explicitly approved for a given audience
  • The tool returns structured data (Salesforce records, database rows, API responses) where field names are stable
Field controls complement MCP Policies: use MCP policies for text-pattern detection across many tools, and field controls for precise, schema-aware redaction on specific tools.

View your field control rules

Navigate to Data Control Center → Field Controls. The rules table lists every active rule with:
  • Rule name
  • MCP Server and Tool — the specific tool the rule targets
  • Direction — Input (what the agent sends) or Output (what the tool returns)
  • Mode — Redact listed fields, or Allow only listed fields
  • Audience — groups or roles scoped (blank = everyone)
  • Status — enabled or disabled

Create a rule

Before creating a rule, use the Sample a call panel to see the real response shape from the tool. This tells you the exact field paths to configure.
  1. In the Field Controls tab, click New rule to open the rule dialog.
  2. Select the MCP Server and tool you want to control.
  3. In the Sample a call section, click the expander. This runs a live call through the proxy admin endpoint and returns the structured response. Sample a call panel
  4. The response fields appear in the field picker. Select the paths you want to redact or allow.

Step 2 — Configure the rule

Complete the remaining fields:
  1. Rule name — a descriptive name (e.g., “Strip revenue fields from Salesforce Account for support group”).
  2. Direction:
    • Output — controls what the tool returns to the agent (most common)
    • Input — controls what the agent sends to the tool
  3. Mode:
    ModeBehaviour
    Redact listedThe fields you name are removed; everything else passes through, including new fields the tool adds later
    Allow only listedOnly the fields you name pass through; everything else is removed, including new fields the tool adds later
    Choose Redact listed when you have a small number of known sensitive fields and want everything else to flow. Choose Allow only listed when you need strict control and only a defined subset of fields should ever reach the agent.
  4. Fields — select paths from the field picker (populated by the sample call), or type dotted paths directly (e.g., records[*].AnnualRevenue, records[*].BillingAddress).
  5. Principals (optional) — add groups or roles to scope the rule. Without principals, the rule applies to everyone.
  6. Enabled — leave toggled on to activate immediately, or toggle off to save the rule in a disabled state.
  7. Click Save rule.

Edit a rule

  1. Find the rule in the Field Controls table.
  2. Click ⋮ → Edit.
  3. Update the name, mode, field list, or principals.
  4. Save. The rule takes effect immediately on the next matching tool call.

Delete a rule

  1. Click ⋮ → Delete on the rule row.
  2. Confirm. The rule stops applying immediately.

Enable and disable rules

Toggle a rule on or off without deleting it. Use this to temporarily suspend a rule during debugging or a maintenance window while preserving its configuration.

Test a field control rule

Using the Sample a call panel

The sample panel within the rule editor is the primary testing tool. Before saving a rule, run a sample call and verify:
  1. The fields you expect to be present are in the response
  2. Your selected field paths match the actual paths in the response (nested paths use dot notation: records[0].Name)

Using the Policy Test Workbench

  1. Navigate to Data Control Center → Test.
  2. Select the MCP server and tool.
  3. Paste a representative tool response payload.
  4. Review the processed output to confirm the fields are redacted or allowed as expected.

Verifying in the Audit Center

Field control events appear in the Audit Center alongside detection policy events. Filter by Event type → Data Protection and look for field_control action type rows. Each row shows:
  • The tool and MCP server
  • The direction (Input / Output)
  • The fields that were redacted
  • The rule and principal context that matched

Common patterns

Always strip revenue data from Salesforce Account records for the support team:
  • Server: Revenue ops Salesforce
  • Tool: queryAccount
  • Direction: Output
  • Mode: Redact listed
  • Fields: records[*].AnnualRevenue, records[*].BillingAddress, records[*].Contract__c
  • Principals: Group customer-support
Allow only approved fields from a finance tool for all users:
  • Server: Finance reconciliation
  • Tool: getVendorPayment
  • Direction: Output
  • Mode: Allow only listed
  • Fields: vendor_name, payment_date, invoice_id, status
  • Principals: (none — applies to everyone)
Strip all internal metadata from outgoing tool inputs:
  • Server: Internal API
  • Tool: createTicket
  • Direction: Input
  • Mode: Redact listed
  • Fields: _internal_user_id, _session_token, _trace_id
  • Principals: (none)