The Data Masking MCP feature plugin helps users plan, review, apply, and validate data masking rule changes for ShardingSphere-Proxy logical databases. Mask rules apply directly to logical columns. This feature only generates and applies masking rule DistSQL. It does not generate physical DDL, index suggestions, data migration, or extra probing SQL.
runtimeDatabases should point to Proxy logical databases, not physical storage databases.Users describe the masking goal in an AI application that integrates ShardingSphere-MCP.
Examples:
<logic-database>.orders.phone already has a masking rule.<logic-database>.orders.phone, keep the first 3 and last 4 characters, and preview it without execution.* as the replacement character.Users should review masking rule DistSQL, algorithm properties, and side-effect scope before approving any side-effecting execution.
When using natural language, include the following information when possible:
| Information | Description | Example |
|---|---|---|
| Logical database, table, and column | Specify the ShardingSphere-Proxy logical object to configure. | “Configure masking for <logic-database>.orders.phone.” |
| Schema or namespace | Recommended for multi-schema logical databases. | “The schema is public.” |
| Operation type | Create, alter, or drop a masking rule. | “Create a masking rule” or “drop the masking rule for this column.” |
| Masking goal | Describe retained characters, replacement characters, or other masking effects. | “Keep the first 3 and last 4 phone-number characters, and replace the middle part with *.” |
| Algorithm preference | Specify an algorithm, or let MCP recommend one from algorithms available from Proxy. | “List data masking algorithms available from the current Proxy.” or “Prefer the keep-first-n-last-m algorithm.” |
| Algorithm properties | Provide retained character counts and replacement characters. | “Keep the first 3 and last 4 characters, and use * as the replacement character.” |
| Operation | Natural language example | Content to review |
|---|---|---|
| Create | “Plan phone-number masking for orders.phone and preview it without execution.” |
The new masking rule, masking algorithm, and properties. |
| Alter | “Change the previous masking rule to keep the first 3 and last 4 characters.” | The altered masking rule and whether sibling masking columns are preserved. |
| Drop | “Drop the masking rule for orders.phone and preview the impact first.” |
Whether the target column rule is dropped and whether sibling masking columns are preserved. |
After a plan is generated, review:
Preview first, then review rule DistSQL and side-effect scope before execution.
| Phase | Natural language example | User focus |
|---|---|---|
| Preview | “Preview the previous masking rule plan without executing it.” | Inspect rule DistSQL, algorithm, and properties before execution. |
| Execute | “Confirm and execute the previous plan.” | Confirm that the side-effecting change has been reviewed. |
| Manual execution | “Export a manual execution package without automatic execution.” | Let operators review and execute in a controlled environment. |
| Validate | “Validate whether the previous masking rule has taken effect.” | Check rule state and workflow execution result. |
For the general review flow of rule changes, see Rule Change Flow.