Lucairn Privacy Gateway — MCP Server

EU-based privacy gateway for AI. Sits between your MCP-enabled agent and the upstream LLM (Claude, GPT-4o, o1/o3/o4) and automatically removes PII before the model ever sees it. Each response carries a signed compliance certificate proving what was redacted.

Free Developer tier: 1,000 requests/month. Cross-provider BYOK supported (one or both of ANTHROPIC_API_KEY and OPENAI_API_KEY).

Quick start

npx -y @lucairn/mcp-server

The server speaks MCP over stdio and exposes one tool, chat_via_lucairn, using the Anthropic Messages API wire format.

Configure your MCP client

Claude Desktop / Cline / Continue / Cursor

Add this to your MCP config file (claude_desktop_config.json, cline_mcp_settings.json, etc.):

{
  "mcpServers": {
    "lucairn": {
      "command": "npx",
      "args": ["-y", "@lucairn/mcp-server"],
      "env": {
        "LUCAIRN_API_KEY": "<your_lucairn_api_key>",
        "ANTHROPIC_API_KEY": "<optional_byok_anthropic_key>",
        "OPENAI_API_KEY": "<optional_byok_openai_key>"
      }
    }
  }
}

Restart your client. The chat_via_lucairn tool becomes available immediately.

Get a Lucairn API key

Free Developer tier — sign up at https://lucairn.eu/account/signup. No credit card required. 1,000 requests/month included.

What the server does

1. Your agent calls chat_via_lucairn with an Anthropic-Messages-API-shaped payload (model, messages, max_tokens, optional system).
2. The Lucairn gateway runs three layers of PII detection on user content:
   • Layer 1: Known-entity matching (your tenant's named entities)
   • Layer 2: Presidio NER (names, emails, IBANs, addresses, phone numbers, customer IDs, …)
   • Layer 3: GPU-hosted custom-trained PII shield (Pro/Enterprise tier)
3. Detected PII is replaced with placeholders ([PERSON_1], [EMAIL_2], [IBAN_3], etc.) before reaching the upstream LLM.
4. The upstream model (Claude or OpenAI) sees only sanitized text. It never sees raw PII.
5. The response comes back with a signed compliance certificate (ed25519 + RFC 3161 timestamp + Sigstore Rekor inclusion proof) that proves what was redacted, when, and by which sanitizer layer.
6. Pro and Enterprise tiers can re-link placeholders to original values in the response. Developer (free) tier returns placeholders verbatim — useful for testing the redaction surface.

Provider routing

The gateway picks the upstream provider from the model parameter:

If you only set one of the two BYOK env vars, you can only call models from that provider. If you set neither, calls use Lucairn's built-in upstream credits (counted against your quota).

Links

• Source: https://github.com/Declade/lucairn-sdks (mcp-server lives at mcp-server/)
• npm: https://www.npmjs.com/package/@lucairn/mcp-server
• Glama listing: https://glama.ai/mcp/servers/Declade/lucairn-sdks
• Docs: https://lucairn.eu
• Sign up (free): https://lucairn.eu/account/signup

License

MIT — see LICENSE.