MCP Server Test

https://mcp.dlptest.com/ is a public Model Context Protocol server that exposes the same synthetic PII, PCI, and PHI generators that power this site — but over the MCP wire protocol instead of a web page. Point any MCP-capable agent at it and the tool calls will flow over real HTTP that your DLP can inspect.

Data is entirely synthetic. Nothing sent to this endpoint is stored, logged, or forwarded. The endpoint is also reachable at https://dlptest.com/api/mcp/ as a fallback.

Setup

Do It For Me

Download the setup file and drop it anywhere in your repository. When you ask your AI coding agent to set up the DLPTest MCP server, it will use this file to configure the connection.

Download mcp-setup-readme.md

Do It Yourself

Pick your tool and follow the steps to connect manually.

Claude Code CLI

Step 1 — Run the CLI command (adds to your user config):

# Add via the Claude Code CLI (one-time setup)
claude mcp add dlptest --transport http https://mcp.dlptest.com/

Step 2 — Or add JSON directly to .claude/settings.json (project) or ~/.claude.json (global):

// .claude/settings.json (project) or ~/.claude.json (global)
{
  "mcpServers": {
    "dlptest": {
      "type": "http",
      "url": "https://mcp.dlptest.com/"
    }
  }
}

Step 3 — Verify: ask your agent "List the tools on the dlptest MCP server."

Claude Desktop / Anthropic Agent

Step 1 — Open claude_desktop_config.json:

  • macOS: ~/Library/Application Support/Claude/
  • Windows: %APPDATA%\Claude\

Step 2 — Add the server entry:

// claude_desktop_config.json
// macOS: ~/Library/Application Support/Claude/
// Windows: %APPDATA%\Claude\
{
  "mcpServers": {
    "dlptest": {
      "type": "http",
      "url": "https://mcp.dlptest.com/"
    }
  }
}

Step 3 — Restart Claude Desktop and verify the dlptest tools appear.

Cursor

Step 1 — Create or edit .cursor/mcp.json in your project root (or ~/.cursor/mcp.json for global access):

// .cursor/mcp.json (project) or ~/.cursor/mcp.json (global)
{
  "mcpServers": {
    "dlptest": {
      "url": "https://mcp.dlptest.com/"
    }
  }
}

Step 2 — Reload Cursor. The dlptest tools should appear in the MCP panel.

Windsurf

Step 1 — Edit ~/.codeium/windsurf/mcp_config.json. Windsurf uses SSE transport, so the URL ends in /sse:

// ~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "dlptest": {
      "serverUrl": "https://mcp.dlptest.com/sse"
    }
  }
}

Step 2 — Reload Windsurf and confirm the server is listed under MCP Servers.

VS Code GitHub Copilot

Step 1 — Create .vscode/mcp.json in your project root:

// .vscode/mcp.json (project root)
{
  "servers": {
    "dlptest": {
      "type": "http",
      "url": "https://mcp.dlptest.com/"
    }
  }
}

Step 2 — Open the Copilot chat panel. The dlptest tools should appear in the tool list.

Other MCP Clients

Use the standard mcpServers config format your client expects:

{
  "mcpServers": {
    "dlptest": {
      "url": "https://mcp.dlptest.com/"
    }
  }
}

How to Use

Try it with curl

These three requests cover the full MCP handshake — from protocol init through a tool call.

# 1. initialize — protocol handshake
curl -sS -X POST "https://mcp.dlptest.com/" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "initialize",
    "params": {
      "protocolVersion": "2025-06-18",
      "capabilities": {},
      "clientInfo": { "name": "curl", "version": "0.0.1" }
    }
  }'
# 2. tools/list — discover available tools
curl -sS -X POST "https://mcp.dlptest.com/" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/list"}'
# 3. tools/call — invoke a tool (response-side DLP test)
curl -sS -X POST "https://mcp.dlptest.com/" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 3,
    "method": "tools/call",
    "params": {
      "name": "generate_pii_ssn_ccn",
      "arguments": { "count": 5, "format": "csv" }
    }
  }'
Test prompt-side DLP

Most DLP products only inspect the response body. But in a real agent pipeline, sensitive content can also flow outward in the tool-call arguments — for example, a user pastes a document containing real SSNs and that text gets forwarded as a tool argument.

echo_sensitive_data — outbound argument inspection

Accepts any text as a payload argument and echoes it back unchanged. PII travels in the outbound request — a DLP product that only inspects responses will miss it. 

# echo_sensitive_data — PII travels in the *request* arguments
curl -sS -X POST "https://mcp.dlptest.com/" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 4,
    "method": "tools/call",
    "params": {
      "name": "echo_sensitive_data",
      "arguments": {
        "label": "test-run-1",
        "payload": "Patient: Jane Smith  SSN: 123-45-6789  CCN: 4111111111111111"
      }
    }
  }'

generate_prompt_context — RAG / system-prompt simulation

Returns prose paragraphs with PII embedded inline, mimicking how sensitive data arrives via RAG retrieval or an injected system prompt. Scenarios: medical-record, financial-statement, hr-file, customer-list. 

# generate_prompt_context — simulate RAG / system-prompt PII
curl -sS -X POST "https://mcp.dlptest.com/" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 5,
    "method": "tools/call",
    "params": {
      "name": "generate_prompt_context",
      "arguments": { "scenario": "medical-record", "count": 3, "format": "text" }
    }
  }'

probe_request — verify interception point

Returns the User-Agent, client IP, and timestamp seen by the server. Use it to confirm your proxy or endpoint agent is on the expected network leg. 

# probe_request — verify DLP is on the right network leg
curl -sS -X POST "https://mcp.dlptest.com/" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":6,"method":"tools/call","params":{"name":"probe_request","arguments":{}}}'
Test with a local instance

To test internal traffic inspection separately from internet egress, clone this repo and run npm run dev. The MCP endpoint is available at http://localhost:4321/api/mcp/. 

// Local instance (npm run dev → http://localhost:4321)
{
  "mcpServers": {
    "dlptest-local": {
      "type": "http",
      "url": "http://localhost:4321/api/mcp/"
    }
  }
}
What to look for in your DLP console

After running a few tool calls, check whether your product:

  • Caught synthetic SSNs, CCNs, or IBANs in the response body.
  • Caught PII in the request body (tool-call arguments) — use echo_sensitive_data to test this specifically.
  • Saw PII arriving as prose context, not tabular data — use generate_prompt_context.
  • Logged a connection to mcp.dlptest.com as an outbound MCP server contact.
  • Surfaced the tools/list handshake — a keyword-rich signal for pattern scanners.
  • Flagged the initial connection to an unapproved external MCP endpoint (CASB / network policy).

Tools Available

Data-generation tools accept count (1–500, default 50) and format ("json" or "csv", default "json").

Synthetic data generation
ToolData returned
generate_pii_ssn_ccnName + SSN + credit card
generate_pii_ssn_dobName + SSN + date of birth
generate_pci_credit_cardName + ZIP + CCN + expiry
generate_pii_emailName + DOB + email
generate_hipaa_phiName + DOB + MRN + ICD-10 + CPT + phone
generate_bankingName + routing + account + phone
generate_uk_identityName + UK NI + NHS + DOB
generate_canada_sinName + Canadian SIN + province + DOB
generate_passportName + passport + country + DOB + expiry
generate_eu_vatName + EU VAT + IBAN + country
generate_npi_providerName + NPI + DEA + specialty
generate_driver_licenseName + DL + state + DOB
generate_custom Arbitrary fields. Takes a fields array of { name, type, blankPct?, delimiter?, cardBrands? } — same types as the /generate/ page.
Prompt-side & diagnostic tools
ToolDescription
echo_sensitive_data Echoes a payload string back unchanged. PII travels in the outbound request arguments.
generate_prompt_context Returns prose paragraphs with inline PII simulating RAG retrieval or system-prompt injection. Scenarios: medical-record, financial-statement, hr-file, customer-list.
probe_request Returns User-Agent, client IP, and timestamp to confirm the interception point.
Background: Why this exists & sanctioned vs unsanctioned servers

DLP, CASB, and endpoint vendors increasingly claim they can inspect "agentic" or "AI tool" traffic. The most common transport for that traffic today is MCP — JSON-RPC 2.0 over HTTP. There are three distinct vectors to test:

  • Network / SSL inspection. Does your proxy decrypt and scan a tools/call response containing hundreds of fake SSNs?
  • Endpoint agent. Does the agent see both the outbound tool-call arguments and the data returned to the LLM?
  • CASB / browser extension. Does anything flag a connection to an unfamiliar external MCP server during the initial handshake?

This endpoint is intentionally public and unauthenticated — it represents an unsanctioned external server. A sanctioned internal MCP server, by contrast, requires an Authorization: Bearer <token> header and is reachable only from the corporate network or via VPN. The presence of an auth token flowing to an external endpoint is itself a DLP signal worth alerting on.

What your CASB or network DLP should detect when an agent connects here:

  • An outbound connection to mcp.dlptest.com (or any mcp.* domain not in the approved list).
  • A tools/list response — the fingerprint of an MCP handshake — from an unknown host.
  • Any Authorization token leaving the network to an unapproved destination.

The endpoint speaks the Streamable HTTP transport in stateless mode. Each request is a self-contained POST; no session IDs are issued and no GET stream is held open.