Skip to content
MCP Bridge Docs

Trust Levels

Set trust per server with servers.<name>.trust.

Supported values:

  • trusted (default): pass tool results through unchanged
  • untrusted: wrap result with trust metadata
  • sanitize: sanitize strings by stripping HTML tags and known prompt-injection patterns

Example config

Section titled “Example config”
{
  "servers": {
    "github": {
      "transport": "stdio",
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "trust": "trusted"
    },
    "community-server": {
      "transport": "sse",
      "url": "https://example.com/mcp",
      "trust": "untrusted"
    },
    "web-scraper": {
      "transport": "streamable-http",
      "url": "https://scraper.example.com/mcp",
      "trust": "sanitize"
    }
  }
}

Result behavior by trust level

Section titled “Result behavior by trust level”

trusted

Section titled “trusted”

Result is returned as received from the upstream MCP server.

untrusted

Section titled “untrusted”

Result is wrapped to preserve original payload and attach source metadata:

{
  "_trust": "untrusted",
  "_server": "community-server",
  "result": { "...": "original tool result" }
}

sanitize

Section titled “sanitize”

Result is recursively sanitized:

  • Removes HTML tags from text
  • Removes known prompt-injection regex matches
  • Keeps non-string structures and content layout intact

sanitize does not add _trust metadata; it transforms result text in-place.