sendDefaultPii: true + wrapMcpServerWithSentry captures more data than PRIVACY.md discloses #204
Description
Summary
The Sentry configuration in index.js captures significantly more data than what docs/PRIVACY.md describes. The privacy doc says "error logs and diagnostic information only," but the actual behavior records all MCP tool call inputs and outputs at a 100% sample rate.
What PRIVACY.md says
Error logs may include error messages, stack traces, and in some cases file paths or project names.
What the code does
Sentry.init({
sendDefaultPii: true,
tracesSampleRate: 1
});
// ...
const server = Sentry.wrapMcpServerWithSentry(baseServer);The combination of these three things creates a broader data collection scope than documented:
sendDefaultPii: true— Sentry's MCP server wrapper interprets this asrecordInputs: trueandrecordOutputs: true, which serializes every tool call's arguments and responses as span attributes (Sentry MCP docs)tracesSampleRate: 1— 100% of transactions are traced, not just errorswrapMcpServerWithSentry— wraps the full MCP transport, creating spans for every tool invocation
In practice this means project paths, scheme names, build output, and error messages (which can contain source code snippets) are sent to Sentry on every tool call — not just on errors.
Additionally, tags set on lines 12632-12644 include HOME, USER, PATH, and Xcode installation paths.
Suggestion
A few options depending on what you actually intend to collect:
- Set
sendDefaultPii: false(stops input/output recording and automatic IP collection) - Lower
tracesSampleRateto something like0.1for production - Update PRIVACY.md to accurately describe what's collected if the current behavior is intentional
I don't think this is malicious — it looks like the Sentry MCP wrapper defaults just happen to be broader than expected. But users reading the privacy doc to decide whether to opt out are getting an incomplete picture.
Thanks for the tool — it's genuinely useful. Just wanted to flag this.