diff --git a/apps/example-app/app/devtools/ReactotronConfig.ts b/apps/example-app/app/devtools/ReactotronConfig.ts
index 5b3f0910b..1a746b2c5 100644
--- a/apps/example-app/app/devtools/ReactotronConfig.ts
+++ b/apps/example-app/app/devtools/ReactotronConfig.ts
@@ -22,6 +22,12 @@ const reactotron = Reactotron.configure({
     /** since this file gets hot reloaded, let's clear the past logs every time we connect */
     Reactotron.clear()
   },
+  // REDACTION TEST — exercises the two-key permission model.
+  mcpRedaction: {
+    disableRedaction: true,
+    removeRules: { sensitiveKeys: ["authorization"] },
+    additionalRules: { sensitiveKeys: ["myInternalField"] },
+  },
 })
   .use(apisaucePlugin({ ignoreContentTypes: /^(image)\/.*$/i }))
   .use(reactotronRedux())
diff --git a/apps/example-app/app/navigators/AppNavigator.tsx b/apps/example-app/app/navigators/AppNavigator.tsx
index b72d59ced..7d65aa5c1 100644
--- a/apps/example-app/app/navigators/AppNavigator.tsx
+++ b/apps/example-app/app/navigators/AppNavigator.tsx
@@ -37,6 +37,7 @@ export type AppStackParamList = {
   MobxStateTree: undefined
   AsyncStorage: undefined
   Redux: undefined
+  RedactionTest: undefined
 }
 
 /**
@@ -103,6 +104,11 @@ const AppStack = function AppStack() {
           options={{ title: "Async Storage" }}
         />
         <Stack.Screen name="Redux" component={Screens.ReduxScreen} />
+        <Stack.Screen
+          name="RedactionTest"
+          component={Screens.RedactionTestScreen}
+          options={{ title: "Redaction Test" }}
+        />
       </Stack.Group>
     </Stack.Navigator>
   )
diff --git a/apps/example-app/app/redux/index.ts b/apps/example-app/app/redux/index.ts
index 4a83c83d2..c496dd94f 100644
--- a/apps/example-app/app/redux/index.ts
+++ b/apps/example-app/app/redux/index.ts
@@ -3,6 +3,8 @@ import type { GetDefaultEnhancers } from "@reduxjs/toolkit/dist/getDefaultEnhanc
 import logoReducer from "../redux/logoSlice"
 import repoReducer from "../redux/repoSlice"
 import errorReducer from "../redux/errorSlice"
+// REDACTION TEST
+import redactionTestReducer from "../redux/redactionSlice"
 
 const createEnhancers = (getDefaultEnhancers: GetDefaultEnhancers<any>) => {
   if (__DEV__) {
@@ -18,6 +20,8 @@ export const store = configureStore({
     logo: logoReducer,
     repo: repoReducer,
     error: errorReducer,
+    // REDACTION TEST
+    redactionTest: redactionTestReducer,
   },
   enhancers: createEnhancers,
 })
diff --git a/apps/example-app/app/redux/redactionSlice.ts b/apps/example-app/app/redux/redactionSlice.ts
new file mode 100644
index 000000000..485a599fe
--- /dev/null
+++ b/apps/example-app/app/redux/redactionSlice.ts
@@ -0,0 +1,29 @@
+import { createSlice, PayloadAction } from "@reduxjs/toolkit"
+
+export interface RedactionTestState {
+  auth: {
+    username?: string
+    password?: string
+    accessToken?: string
+    api_key?: string
+    tokens?: { access?: string; refresh?: string }
+  }
+  settings: {
+    theme?: string
+    note?: string
+  }
+}
+
+const initialState: RedactionTestState = { auth: {}, settings: {} }
+
+const redactionSlice = createSlice({
+  name: "redactionTest",
+  initialState,
+  reducers: {
+    setSensitive: (_state, action: PayloadAction<RedactionTestState>) => action.payload,
+    clearSensitive: () => initialState,
+  },
+})
+
+export const { setSensitive, clearSensitive } = redactionSlice.actions
+export default redactionSlice.reducer
diff --git a/apps/example-app/app/screens/RedactionTestScreen.tsx b/apps/example-app/app/screens/RedactionTestScreen.tsx
new file mode 100644
index 000000000..4d5005130
--- /dev/null
+++ b/apps/example-app/app/screens/RedactionTestScreen.tsx
@@ -0,0 +1,332 @@
+/**
+ * Manual test harness for Reactotron's MCP redaction engine.
+ *
+ * Each button emits a sensitive payload onto one of the surfaces the MCP
+ * server exposes (network / redux / logs / async storage). To verify
+ * redaction, read back the same data from an MCP client (e.g. Claude Code
+ * via `claude mcp add --transport http reactotron http://localhost:4567/mcp`)
+ * and check the values listed in the comment above each button.
+ *
+ * Success criteria live inline in the code, next to the payload they
+ * describe. If a test begins failing, the comment tells you what SHOULD
+ * happen based on the intended contract — not what's currently
+ * working or broken in a specific build.
+ *
+ * The two-key permission model is exercised via this app's static
+ * `mcpRedaction` client config in `ReactotronConfig.ts` plus the two
+ * permission toggles in Reactotron's MCP settings modal.
+ */
+import React from "react"
+import AsyncStorage from "@react-native-async-storage/async-storage"
+import { ScrollView, TextStyle, View, ViewStyle } from "react-native"
+import { useDispatch } from "react-redux"
+import { Button, Text } from "app/components"
+import { AppStackScreenProps } from "app/navigators"
+import { colors, spacing } from "app/theme"
+import type { AppDispatch } from "app/redux"
+import { setSensitive as redactionSetSensitive } from "app/redux/redactionSlice"
+import { useSafeAreaInsetsStyle } from "app/utils/useSafeAreaInsetsStyle"
+
+interface RedactionTestScreenProps extends AppStackScreenProps<"RedactionTest"> {}
+
+export const RedactionTestScreen: React.FC<RedactionTestScreenProps> = function RedactionTestScreen() {
+  const dispatch = useDispatch<AppDispatch>()
+  const $bottomContainerInsets = useSafeAreaInsetsStyle(["bottom"])
+
+  return (
+    <ScrollView style={$container} contentContainerStyle={$bottomContainerInsets}>
+      <View style={$intro}>
+        <Text style={$text} preset="subheading">MCP redaction test harness</Text>
+        <Text style={$hint}>
+          Tap a button to emit a sensitive payload, then read it back via MCP
+          (e.g. in Claude Code). Expected redaction behavior is described above
+          each button in the source.
+        </Text>
+      </View>
+
+      {/* ──────────────────────────────────────────────────────────────────── */}
+      <Text style={$section}>Network</Text>
+
+      {/*
+        Fires an HTTPS POST carrying:
+          Request headers:
+            Authorization: Bearer <token>      → matches headerName "authorization" AND Bearer valuePattern
+            Cookie: session=<val>              → matches headerName "cookie"
+            X-Api-Key: <val>                   → matches headerName "x-api-key"
+            X-Keep-Me: <val>                   → no rule, should pass through
+          URL query string:
+            ?api_key=<val>                     → matches sensitiveKey "api_key" in URL params
+            &page=2                            → not sensitive, passes through
+          Request body (JSON string):
+            { password, api_key, accessToken } → sensitiveKeys
+            { note: "... sk-<token> ..." }     → value pattern sk-[A-Za-z0-9]{20,}
+            { user, title }                    → not sensitive
+
+        Read `reactotron://timeline/api.response` or
+             `reactotron://network/log`
+
+        Expected on both request AND response objects:
+          - headers.authorization / cookie / x-api-key → [REDACTED]
+          - headers.x-keep-me                           → preserved
+          - url / location include "api_key=[REDACTED]" but still show "page=2"
+          - response body.password / api_key / accessToken → [REDACTED]
+          - response body.title / user                     → preserved
+          - any string containing sk-<20+ chars>           → the substring becomes [REDACTED]
+      */}
+      <Button
+        text="Fire sensitive API call"
+        textStyle={$darkText}
+        style={$button}
+        onPress={() => {
+          fetch(
+            "https://jsonplaceholder.typicode.com/posts?api_key=SENSITIVE_SHOULD_REDACT&page=2",
+            {
+              method: "POST",
+              headers: {
+                "Content-Type": "application/json",
+                Authorization: "Bearer abcdef1234567890ABCDEFGHIJ",
+                Cookie: "session=sensitive-session-cookie",
+                "X-Api-Key": "sensitive-x-api-key-value",
+                "X-Keep-Me": "not-sensitive-header",
+              },
+              body: JSON.stringify({
+                title: "hello",
+                user: "alice",
+                password: "hunter2",
+                api_key: "nested-api-key",
+                accessToken: "nested-access-token",
+                note: "embedded token sk-AAAAAAAAAAAAAAAAAAAAAA should also be scrubbed",
+              }),
+            }
+          )
+            .then((r) => r.json())
+            .then((j) => console.log("[redaction-test network]", j))
+            .catch((e) => console.log("[redaction-test network] error", e))
+        }}
+      />
+
+      {/* ──────────────────────────────────────────────────────────────────── */}
+      <Text style={$section}>Redux state</Text>
+
+      {/*
+        Dispatches redactionTest/setSensitive, replacing state.redactionTest
+        with a tree containing:
+          auth:
+            username   → preserved (not sensitive)
+            password   → sensitiveKey match
+            api_key    → sensitiveKey match
+            accessToken → sensitiveKey match
+            tokens.access / tokens.refresh → NOT matched by default keys
+              (to exercise "State Path Patterns" configured in the Reactotron
+              MCP settings modal as "redactionTest.auth.tokens.*")
+          settings:
+            theme      → preserved
+            note       → contains embedded `sk-...` and `Bearer ...`, both
+                         should be redacted via value patterns
+
+        Read via MCP tool `request_state` with path="redactionTest":
+          - auth.username        → preserved
+          - auth.password etc.   → [REDACTED]
+          - auth.tokens.*        → [REDACTED] only if state-path pattern is
+                                   active AND the pattern is anchored
+                                   consistently with the requested path
+          - settings.note        → embedded tokens [REDACTED]
+          - settings.theme       → preserved
+      */}
+      <Button
+        text="Poison Redux state"
+        textStyle={$darkText}
+        style={$button}
+        onPress={() =>
+          dispatch(
+            redactionSetSensitive({
+              auth: {
+                username: "alice",
+                password: "hunter2",
+                accessToken: "direct-access-token",
+                api_key: "direct-api-key",
+                tokens: { access: "access-raw-value", refresh: "refresh-raw-value" },
+              },
+              settings: {
+                theme: "dark",
+                note: "embedded sk-ABCDEFGHIJKLMNOPQRSTUVWX and Bearer abcdef1234567890ABCDEFGH",
+              },
+            })
+          )
+        }
+      />
+
+      {/* ──────────────────────────────────────────────────────────────────── */}
+      <Text style={$section}>Logging</Text>
+
+      {/*
+        Logs one string per default value pattern plus an object with
+        sensitive keys. Read via `reactotron://timeline/log`.
+
+        Expected (per line):
+          "Bearer <alphanum>"   → the Bearer substring becomes [REDACTED]
+          "eyJ<hdr>.eyJ<pl>"    → the header.payload portion becomes
+                                  [REDACTED]; a short signature (< 10 chars)
+                                  after the final dot won't match
+          "sk-<20+ alphanum>"   → becomes [REDACTED]
+          "ghp_<30+ alphanum>"  → becomes [REDACTED]
+          "xoxb-…"              → becomes [REDACTED]
+
+        Object:
+          username              → preserved
+          password / api_key / accessToken → [REDACTED]
+          nested.credentials    → value replaced entirely (key match, so the
+                                  whole subtree becomes [REDACTED])
+      */}
+      <Button
+        text="Log value patterns + sensitive keys"
+        textStyle={$darkText}
+        style={$button}
+        onPress={() => {
+          console.log("Bearer header: Bearer abcdef1234567890ABCDEFGH")
+          console.log("JWT: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.ShortSigHere")
+          console.log("OpenAI: sk-ABCDEFGHIJKLMNOPQRSTUVWX")
+          console.log("GitHub PAT: ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ012345")
+          console.log("Slack: xoxb-1234567890-abcdefghij")
+          console.log("Object with sensitive keys:", {
+            username: "alice",
+            password: "hunter2",
+            api_key: "leaked",
+            accessToken: "leaked",
+            nested: { credentials: { token: "leaked" } },
+          })
+        }}
+      />
+
+      {/* ──────────────────────────────────────────────────────────────────── */}
+      <Text style={$section}>AsyncStorage</Text>
+
+      {/*
+        Performs a multiSet with namespaced keys that contain sensitive
+        substrings, plus a value that is a JSON-stringified object
+        containing sensitive fields and an embedded Bearer token.
+
+        Read via `reactotron://asyncstorage`.
+
+        Expected:
+          - Bearer token inside the JSON-string value → [REDACTED]
+                                                       (value pattern regex)
+
+        Edge cases this surface is known to stress:
+          - Bare values like "hunter2" don't match any default pattern or
+            key (the enclosing `pairs` shape stores them under numeric
+            sub-keys "0"/"1"), so they generally pass through. If a future
+            implementation splits the key on common separators (":", "/",
+            "_", ".") and treats matching segments as sensitive-key hits,
+            the raw values would become [REDACTED] too.
+          - A JSON-shaped string value currently only receives value-pattern
+            redaction; if the implementation gains JSON-aware parsing, the
+            nested `password` / `api_key` fields inside the string would
+            also redact.
+      */}
+      <Button
+        text="multiSet sensitive pairs"
+        textStyle={$darkText}
+        style={$button}
+        onPress={() => {
+          AsyncStorage.multiSet([
+            ["auth:password", "hunter2"],
+            ["auth:api_key", "leaked-api-key"],
+            ["auth:accessToken", "leaked-access-token"],
+            [
+              "auth:session",
+              JSON.stringify({
+                password: "hunter2",
+                api_key: "leaked",
+                note: "Bearer abcdef1234567890ABCDEFGH",
+              }),
+            ],
+          ])
+        }}
+      />
+
+      {/* ──────────────────────────────────────────────────────────────────── */}
+      <Text style={$section}>Client config (for two-key permission model)</Text>
+      <Text style={$hint}>
+        This app's Reactotron.configure() sends all three optional
+        client-side relaxations, so the two-key model is driven entirely
+        from the Reactotron desktop's MCP settings modal.
+      </Text>
+
+      {/*
+        Client `mcpRedaction` is defined statically in
+        `app/devtools/ReactotronConfig.ts`. See that file for the exact
+        payload sent to the server on connect.
+
+        Effective behavior depends on the desktop's two permission toggles:
+
+          "Allow apps to disable redaction entirely" OFF / "remove default
+          rules" OFF  (default):
+            - `disableRedaction` ignored → redaction stays on
+            - `removeRules` ignored      → defaults unchanged
+            - `additionalRules` honored  → myInternalField redacts
+
+          "disable" ON:
+            - On a per-client MCP tool call with clientId, redaction is
+              fully off for that client. Resource reads still fall back
+              to server defaults when multi-app is connected.
+
+          "remove default rules" ON:
+            - The `authorization` header rule is removed for that client
+              on per-client tool calls. Note the Bearer value pattern
+              will still catch "Bearer <token>" strings.
+
+        On a per-client MCP tool call (with clientId), the app's config
+        is consulted. On MCP resource reads (no clientId) while multiple
+        apps are connected, the server falls back to its defaults — this
+        is the safer merge strategy across apps that may disagree.
+      */}
+      <Text style={$code}>disableRedaction: true</Text>
+      <Text style={$code}>removeRules.sensitiveKeys: [&quot;authorization&quot;]</Text>
+      <Text style={$code}>additionalRules.sensitiveKeys: [&quot;myInternalField&quot;]</Text>
+
+      {/*
+        Tap this to dispatch an action whose payload includes
+        `myInternalField`. Because additionalRules always apply,
+        `myInternalField` should redact in the action payload shown by
+        the MCP `dispatch_action` tool's return value, regardless of
+        the two permission toggles.
+
+        Read via the return of `dispatch_action` (invoke with clientId).
+
+        Expected:
+          action.payload.myInternalField → [REDACTED]
+          action.payload.publicField     → preserved
+      */}
+      <Button
+        text="Dispatch action with myInternalField"
+        textStyle={$darkText}
+        style={$button}
+        onPress={() =>
+          dispatch({
+            type: "redactionTest/additionalRulesProbe",
+            payload: {
+              myInternalField: "should-redact-via-additionalRules",
+              publicField: "should-pass-through",
+            },
+          })
+        }
+      />
+    </ScrollView>
+  )
+}
+
+const $container: ViewStyle = { flex: 1, backgroundColor: colors.background }
+const $intro: ViewStyle = { paddingHorizontal: spacing.lg, paddingTop: spacing.xl, paddingBottom: spacing.md }
+const $section: TextStyle = {
+  color: colors.text,
+  paddingHorizontal: spacing.lg,
+  paddingTop: spacing.xl,
+  paddingBottom: spacing.xs,
+  fontWeight: "600",
+}
+const $text: TextStyle = { color: colors.text }
+const $hint: TextStyle = { color: colors.textDim, fontSize: 14, marginTop: spacing.xs, paddingHorizontal: spacing.lg }
+const $code: TextStyle = { color: colors.textDim, fontFamily: "monospace", paddingHorizontal: spacing.lg, paddingTop: spacing.xs }
+const $darkText: TextStyle = { color: colors.textDim }
+const $button: ViewStyle = { marginHorizontal: spacing.xxxl, marginTop: spacing.sm }
diff --git a/apps/example-app/app/screens/WelcomeScreen.tsx b/apps/example-app/app/screens/WelcomeScreen.tsx
index d6219da14..2a1044df5 100644
--- a/apps/example-app/app/screens/WelcomeScreen.tsx
+++ b/apps/example-app/app/screens/WelcomeScreen.tsx
@@ -72,6 +72,12 @@ export const WelcomeScreen: React.FC<WelcomeScreenProps> = function WelcomeScree
               navigation.navigate("Redux")
             }}
           />
+          <ListItem
+            text="Redaction Test"
+            onPress={() => {
+              navigation.navigate("RedactionTest")
+            }}
+          />
         </View>
       </ScrollView>
     </SafeAreaView>
diff --git a/apps/example-app/app/screens/index.ts b/apps/example-app/app/screens/index.ts
index f9bdc3c61..237e1dfbd 100644
--- a/apps/example-app/app/screens/index.ts
+++ b/apps/example-app/app/screens/index.ts
@@ -7,6 +7,7 @@ export * from "./MobxStateTreeScreen"
 export * from "./ReduxScreen"
 export * from "./ErrorGeneratorScreen"
 export * from "./AsyncStorageScreen"
+export * from "./RedactionTestScreen"
 
 export * from "./ErrorScreen/ErrorBoundary"
 // export other screens here
diff --git a/apps/reactotron-app/src/renderer/RootModals.tsx b/apps/reactotron-app/src/renderer/RootModals.tsx
index 7c5194318..a5031f44e 100644
--- a/apps/reactotron-app/src/renderer/RootModals.tsx
+++ b/apps/reactotron-app/src/renderer/RootModals.tsx
@@ -5,6 +5,8 @@ import {
   ReactotronContext,
   StateContext,
 } from "reactotron-core-ui"
+import StandaloneContext from "./contexts/Standalone"
+import McpSettingsModal from "./components/McpSettingsModal"
 
 function RootModals() {
   const {
@@ -19,6 +21,8 @@ function RootModals() {
     closeSubscriptionModal,
   } = useContext(ReactotronContext)
   const { addSubscription } = useContext(StateContext)
+  const { mcpSettingsOpen, closeMcpSettings, mcpRedactionConfig, updateMcpRedactionConfig } =
+    useContext(StandaloneContext)
 
   const dispatchAction = (action: any) => {
     sendCommand("state.action.dispatch", { action })
@@ -46,6 +50,12 @@ function RootModals() {
           addSubscription(path)
         }}
       />
+      <McpSettingsModal
+        isOpen={mcpSettingsOpen}
+        onClose={closeMcpSettings}
+        config={mcpRedactionConfig}
+        onUpdate={updateMcpRedactionConfig}
+      />
     </>
   )
 }
diff --git a/apps/reactotron-app/src/renderer/components/Footer/Footer.story.tsx b/apps/reactotron-app/src/renderer/components/Footer/Footer.story.tsx
index aea2c5e77..d95bb1c2e 100644
--- a/apps/reactotron-app/src/renderer/components/Footer/Footer.story.tsx
+++ b/apps/reactotron-app/src/renderer/components/Footer/Footer.story.tsx
@@ -66,6 +66,8 @@ storiesOf("components/Footer", module)
       mcpStatus="stopped"
       mcpPort={null}
       onToggleMcp={() => {}}
+      mcpRedactionEnforced
+      onOpenMcpSettings={() => {}}
     />
   ))
   .add("Collpased w/ connections", () => (
@@ -79,6 +81,8 @@ storiesOf("components/Footer", module)
       mcpStatus="stopped"
       mcpPort={null}
       onToggleMcp={() => {}}
+      mcpRedactionEnforced
+      onOpenMcpSettings={() => {}}
     />
   ))
   .add("Expanded", () => (
@@ -92,6 +96,8 @@ storiesOf("components/Footer", module)
       mcpStatus="stopped"
       mcpPort={null}
       onToggleMcp={() => {}}
+      mcpRedactionEnforced
+      onOpenMcpSettings={() => {}}
     />
   ))
   .add("Expanded w/ connections", () => (
@@ -105,6 +111,8 @@ storiesOf("components/Footer", module)
       mcpStatus="started"
       mcpPort={4567}
       onToggleMcp={() => {}}
+      mcpRedactionEnforced
+      onOpenMcpSettings={() => {}}
     />
   ))
   .add("Expanded w/ lots connections", () => (
@@ -118,5 +126,7 @@ storiesOf("components/Footer", module)
       mcpStatus="started"
       mcpPort={4567}
       onToggleMcp={() => {}}
+      mcpRedactionEnforced
+      onOpenMcpSettings={() => {}}
     />
   ))
diff --git a/apps/reactotron-app/src/renderer/components/Footer/Stateless.tsx b/apps/reactotron-app/src/renderer/components/Footer/Stateless.tsx
index 5aaccee36..bb6b8e580 100644
--- a/apps/reactotron-app/src/renderer/components/Footer/Stateless.tsx
+++ b/apps/reactotron-app/src/renderer/components/Footer/Stateless.tsx
@@ -1,6 +1,6 @@
 import React from "react"
 import styled from "styled-components"
-import { MdSwapVert as ExpandIcon } from "react-icons/md"
+import { MdSwapVert as ExpandIcon, MdSettings as SettingsIcon, MdShield as ShieldIcon } from "react-icons/md"
 
 import config from "../../config"
 import {
@@ -54,6 +54,12 @@ interface McpButtonProps {
   $active: boolean
 }
 
+const McpGroup = styled.div`
+  display: flex;
+  align-items: center;
+  gap: 2px;
+`
+
 const McpButton = styled.div.attrs(() => ({}))<McpButtonProps>`
   display: flex;
   align-items: center;
@@ -78,6 +84,25 @@ const McpDot = styled.div<McpButtonProps>`
   background-color: ${(props) => props.$active ? "#50c878" : props.theme.foregroundDark};
 `
 
+const McpSettingsButton = styled.div`
+  display: flex;
+  align-items: center;
+  cursor: pointer;
+  padding: 2px 4px;
+  border-radius: 3px;
+  color: ${(props) => props.theme.foregroundDark};
+  &:hover {
+    color: ${(props) => props.theme.foreground};
+    background-color: rgba(255,255,255,0.05);
+  }
+`
+
+const RedactionBadge = styled.span<{ $warning?: boolean }>`
+  display: flex;
+  align-items: center;
+  color: ${(props) => props.$warning ? "#e8a838" : "inherit"};
+`
+
 function renderExpanded(
   serverStatus: ServerStatus,
   connections: Connection[],
@@ -137,6 +162,8 @@ interface Props {
   mcpStatus: McpStatus
   mcpPort: number | null
   onToggleMcp: () => void
+  mcpRedactionEnforced: boolean
+  onOpenMcpSettings: () => void
 }
 
 function Header({
@@ -149,6 +176,8 @@ function Header({
   mcpStatus,
   mcpPort,
   onToggleMcp,
+  mcpRedactionEnforced,
+  onOpenMcpSettings,
 }: Props) {
   const renderMethod = isOpen ? renderExpanded : renderCollapsed
 
@@ -156,14 +185,29 @@ function Header({
     <Container>
       <ContentContainer onClick={() => !isOpen && setIsOpen(true)} $isOpen={isOpen}>
         {renderMethod(serverStatus, connections, selectedConnection, onChangeConnection)}
-        <McpButton
-          $active={mcpStatus === "started"}
-          onClick={(e) => { e.stopPropagation(); onToggleMcp() }}
-          title={mcpStatus === "started" ? `MCP running on port ${mcpPort}` : "Start MCP server"}
-        >
-          <McpDot $active={mcpStatus === "started"} />
-          {mcpStatus === "started" ? `MCP :${mcpPort}` : "MCP"}
-        </McpButton>
+        <McpGroup>
+          <McpButton
+            $active={mcpStatus === "started"}
+            onClick={(e) => { e.stopPropagation(); onToggleMcp() }}
+            title={mcpStatus === "started" ? `MCP running on port ${mcpPort}` : "Start MCP server"}
+          >
+            <McpDot $active={mcpStatus === "started"} />
+            {mcpStatus === "started" ? `MCP :${mcpPort}` : "MCP"}
+            {mcpStatus === "started" && (
+              mcpRedactionEnforced
+                ? <RedactionBadge title="Sensitive data is redacted"><ShieldIcon size={10} /></RedactionBadge>
+                : <RedactionBadge $warning title="Redaction disabled — sensitive data exposed"><ShieldIcon size={10} /></RedactionBadge>
+            )}
+          </McpButton>
+          {mcpStatus === "started" && (
+            <McpSettingsButton
+              onClick={(e) => { e.stopPropagation(); onOpenMcpSettings() }}
+              title="MCP redaction settings"
+            >
+              <SettingsIcon size={14} />
+            </McpSettingsButton>
+          )}
+        </McpGroup>
         <ExpandContainer onClick={() => setIsOpen(!isOpen)}>
           <ExpandIcon size={18} />
         </ExpandContainer>
diff --git a/apps/reactotron-app/src/renderer/components/Footer/index.tsx b/apps/reactotron-app/src/renderer/components/Footer/index.tsx
index 31afb69ff..db84bdcc2 100644
--- a/apps/reactotron-app/src/renderer/components/Footer/index.tsx
+++ b/apps/reactotron-app/src/renderer/components/Footer/index.tsx
@@ -5,8 +5,10 @@ import StandaloneContext from "../../contexts/Standalone"
 import Footer from "./Stateless"
 
 export default function ConnectedFooter() {
-  const { serverStatus, connections, selectedConnection, selectConnection, mcpStatus, mcpPort, toggleMcp } =
-    useContext(StandaloneContext)
+  const {
+    serverStatus, connections, selectedConnection, selectConnection,
+    mcpStatus, mcpPort, toggleMcp, mcpRedactionEnforced, openMcpSettings,
+  } = useContext(StandaloneContext)
   const [isOpen, setIsOpen] = useState(false)
 
   return (
@@ -20,6 +22,8 @@ export default function ConnectedFooter() {
       mcpStatus={mcpStatus}
       mcpPort={mcpPort}
       onToggleMcp={toggleMcp}
+      mcpRedactionEnforced={mcpRedactionEnforced}
+      onOpenMcpSettings={openMcpSettings}
     />
   )
 }
diff --git a/apps/reactotron-app/src/renderer/components/McpSettingsModal/index.tsx b/apps/reactotron-app/src/renderer/components/McpSettingsModal/index.tsx
new file mode 100644
index 000000000..73860f8c4
--- /dev/null
+++ b/apps/reactotron-app/src/renderer/components/McpSettingsModal/index.tsx
@@ -0,0 +1,245 @@
+import React, { useState, useCallback, useEffect } from "react"
+import styled from "styled-components"
+import { Modal } from "reactotron-core-ui"
+import { DEFAULT_SERVER_CONFIG, type McpRedactionServerConfig } from "reactotron-mcp"
+
+const Section = styled.div`
+  margin-top: 16px;
+`
+
+const SectionTitle = styled.h3`
+  margin: 0 0 8px 0;
+  font-size: 14px;
+  font-weight: 600;
+  color: ${(props) => props.theme.foreground};
+`
+
+const Label = styled.label`
+  display: block;
+  font-size: 12px;
+  color: ${(props) => props.theme.foregroundDark};
+  margin-bottom: 4px;
+`
+
+const TagContainer = styled.div`
+  display: flex;
+  flex-wrap: wrap;
+  gap: 4px;
+  margin-bottom: 8px;
+  padding: 4px;
+  border: 1px solid ${(props) => props.theme.chromeLine};
+  border-radius: 4px;
+  background-color: ${(props) => props.theme.backgroundSubtleDark};
+`
+
+const Tag = styled.span`
+  display: inline-flex;
+  align-items: center;
+  gap: 4px;
+  padding: 2px 6px;
+  border-radius: 3px;
+  font-size: 11px;
+  font-family: monospace;
+  background-color: ${(props) => props.theme.backgroundHighlight};
+  color: ${(props) => props.theme.foreground};
+`
+
+const TagRemove = styled.button`
+  background: none;
+  border: none;
+  color: ${(props) => props.theme.foregroundDark};
+  cursor: pointer;
+  padding: 0;
+  font-size: 14px;
+  line-height: 1;
+  &:hover {
+    color: ${(props) => props.theme.foreground};
+  }
+`
+
+const AddInput = styled.input`
+  border: 1px solid ${(props) => props.theme.chromeLine};
+  background-color: ${(props) => props.theme.backgroundSubtleDark};
+  color: ${(props) => props.theme.foreground};
+  padding: 4px 8px;
+  border-radius: 4px;
+  font-size: 12px;
+  font-family: monospace;
+  width: 100%;
+  box-sizing: border-box;
+  margin-bottom: 12px;
+  &::placeholder {
+    color: ${(props) => props.theme.foregroundDark};
+    opacity: 0.6;
+  }
+`
+
+const CheckboxRow = styled.label`
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  font-size: 12px;
+  color: ${(props) => props.theme.foreground};
+  cursor: pointer;
+  margin-bottom: 8px;
+`
+
+const Description = styled.span`
+  color: ${(props) => props.theme.foregroundDark};
+  font-size: 11px;
+`
+
+const ResetButton = styled.button`
+  display: block;
+  margin-left: auto;
+  margin-top: -28px;
+  background: none;
+  border: 1px solid ${(props) => props.theme.chromeLine};
+  border-radius: 4px;
+  color: ${(props) => props.theme.foreground};
+  font-size: 12px;
+  padding: 4px 10px;
+  cursor: pointer;
+  &:hover {
+    background-color: rgba(255, 255, 255, 0.06);
+    border-color: ${(props) => props.theme.foreground};
+  }
+`
+
+interface TagListEditorProps {
+  label: string
+  placeholder: string
+  values: string[]
+  onChange: (values: string[]) => void
+}
+
+function TagListEditor({ label, placeholder, values, onChange }: TagListEditorProps) {
+  const [inputValue, setInputValue] = useState("")
+
+  const handleKeyDown = useCallback((e: React.KeyboardEvent<HTMLInputElement>) => {
+    if (e.key === "Enter" && inputValue.trim()) {
+      e.preventDefault()
+      const newVal = inputValue.trim()
+      if (!values.includes(newVal)) {
+        onChange([...values, newVal])
+      }
+      setInputValue("")
+    }
+  }, [inputValue, values, onChange])
+
+  const removeTag = useCallback((index: number) => {
+    onChange(values.filter((_, i) => i !== index))
+  }, [values, onChange])
+
+  return (
+    <div>
+      <Label>{label}</Label>
+      {values.length > 0 && (
+        <TagContainer>
+          {values.map((v, i) => (
+            <Tag key={i}>
+              {v}
+              <TagRemove onClick={() => removeTag(i)}>&times;</TagRemove>
+            </Tag>
+          ))}
+        </TagContainer>
+      )}
+      <AddInput
+        value={inputValue}
+        onChange={(e) => setInputValue(e.target.value)}
+        onKeyDown={handleKeyDown}
+        placeholder={placeholder}
+      />
+    </div>
+  )
+}
+
+interface Props {
+  isOpen: boolean
+  onClose: () => void
+  config: McpRedactionServerConfig
+  onUpdate: (config: Partial<McpRedactionServerConfig>) => void
+}
+
+export default function McpSettingsModal({ isOpen, onClose, config, onUpdate }: Props) {
+  const [localConfig, setLocalConfig] = useState(config)
+
+  useEffect(() => {
+    if (isOpen) setLocalConfig(config)
+  }, [isOpen, config])
+
+  const updateDefaults = useCallback((patch: Partial<McpRedactionServerConfig["defaults"]>) => {
+    const next = { ...localConfig, defaults: { ...localConfig.defaults, ...patch } }
+    setLocalConfig(next)
+    onUpdate(next)
+  }, [localConfig, onUpdate])
+
+  const updatePermission = useCallback((key: "allowClientDisable" | "allowClientRemoveRules", value: boolean) => {
+    const next = { ...localConfig, [key]: value }
+    setLocalConfig(next)
+    onUpdate(next)
+  }, [localConfig, onUpdate])
+
+  const resetToDefaults = useCallback(() => {
+    setLocalConfig(DEFAULT_SERVER_CONFIG)
+    onUpdate(DEFAULT_SERVER_CONFIG)
+  }, [onUpdate])
+
+  return (
+    <Modal isOpen={isOpen} onClose={onClose} title="MCP Redaction Settings">
+      <ResetButton onClick={resetToDefaults}>Reset to defaults</ResetButton>
+      <Section>
+        <SectionTitle>Sensitive Keys</SectionTitle>
+        <Description>Field and HTTP header names redacted wherever found in payloads (case-insensitive)</Description>
+        <TagListEditor
+          label=""
+          placeholder="Type key or header name and press Enter"
+          values={localConfig.defaults.sensitiveKeys ?? []}
+          onChange={(v) => updateDefaults({ sensitiveKeys: v })}
+        />
+      </Section>
+
+      <Section>
+        <SectionTitle>State Path Patterns</SectionTitle>
+        <Description>Dot-separated paths to redact in state (supports trailing wildcard, e.g. auth.tokens.*)</Description>
+        <TagListEditor
+          label=""
+          placeholder="Type state path and press Enter"
+          values={localConfig.defaults.statePathPatterns ?? []}
+          onChange={(v) => updateDefaults({ statePathPatterns: v })}
+        />
+      </Section>
+
+      <Section>
+        <SectionTitle>Value Patterns</SectionTitle>
+        <Description>Regex patterns matched against string values</Description>
+        <TagListEditor
+          label=""
+          placeholder="Type regex pattern and press Enter"
+          values={localConfig.defaults.valuePatterns ?? []}
+          onChange={(v) => updateDefaults({ valuePatterns: v })}
+        />
+      </Section>
+
+      <Section>
+        <SectionTitle>Client Permissions</SectionTitle>
+        <CheckboxRow>
+          <input
+            type="checkbox"
+            checked={localConfig.allowClientDisable}
+            onChange={(e) => updatePermission("allowClientDisable", e.target.checked)}
+          />
+          Allow apps to disable redaction entirely
+        </CheckboxRow>
+        <CheckboxRow>
+          <input
+            type="checkbox"
+            checked={localConfig.allowClientRemoveRules}
+            onChange={(e) => updatePermission("allowClientRemoveRules", e.target.checked)}
+          />
+          Allow apps to remove default rules
+        </CheckboxRow>
+      </Section>
+    </Modal>
+  )
+}
diff --git a/apps/reactotron-app/src/renderer/config.ts b/apps/reactotron-app/src/renderer/config.ts
index c3ed7f7d8..e46ab69f0 100644
--- a/apps/reactotron-app/src/renderer/config.ts
+++ b/apps/reactotron-app/src/renderer/config.ts
@@ -1,9 +1,15 @@
 import Store from "electron-store"
+import { DEFAULT_REDACTION_RULES, DEFAULT_SERVER_CONFIG } from "reactotron-mcp"
 
 type StoreType = {
   serverPort: number
   commandHistory: number
   mcpPort: number
+  mcpRedactionSensitiveKeys: string[]
+  mcpRedactionStatePathPatterns: string[]
+  mcpRedactionValuePatterns: string[]
+  mcpAllowClientDisable: boolean
+  mcpAllowClientRemoveRules: boolean
 }
 
 const config = new Store<StoreType>({
@@ -20,6 +26,29 @@ const config = new Store<StoreType>({
       type: "number",
       default: 4567,
     },
+    mcpRedactionSensitiveKeys: {
+      type: "array",
+      items: { type: "string" },
+      default: DEFAULT_REDACTION_RULES.sensitiveKeys,
+    },
+    mcpRedactionStatePathPatterns: {
+      type: "array",
+      items: { type: "string" },
+      default: DEFAULT_REDACTION_RULES.statePathPatterns,
+    },
+    mcpRedactionValuePatterns: {
+      type: "array",
+      items: { type: "string" },
+      default: DEFAULT_REDACTION_RULES.valuePatterns,
+    },
+    mcpAllowClientDisable: {
+      type: "boolean",
+      default: DEFAULT_SERVER_CONFIG.allowClientDisable,
+    },
+    mcpAllowClientRemoveRules: {
+      type: "boolean",
+      default: DEFAULT_SERVER_CONFIG.allowClientRemoveRules,
+    },
   },
 })
 
diff --git a/apps/reactotron-app/src/renderer/contexts/Standalone/index.tsx b/apps/reactotron-app/src/renderer/contexts/Standalone/index.tsx
index 8e30bf0dd..ab5c04c4f 100644
--- a/apps/reactotron-app/src/renderer/contexts/Standalone/index.tsx
+++ b/apps/reactotron-app/src/renderer/contexts/Standalone/index.tsx
@@ -1,6 +1,7 @@
-import React, { useRef, useEffect, useCallback, useState } from "react"
+import React, { useRef, useEffect, useCallback, useState, useMemo } from "react"
 import Server, { createServer } from "reactotron-core-server"
-import { createMcpServer, type ReactotronMcpServer } from "reactotron-mcp"
+import { createMcpServer, type ReactotronMcpServer, type McpRedactionServerConfig } from "reactotron-mcp"
+import type { McpRedactionConfig } from "reactotron-core-contract"
 
 import ReactotronBrain from "../../ReactotronBrain"
 import config from "../../config"
@@ -9,6 +10,18 @@ import useStandalone, { Connection, ServerStatus } from "./useStandalone"
 
 export type McpStatus = "stopped" | "started" | "error"
 
+function readRedactionConfig(): McpRedactionServerConfig {
+  return {
+    defaults: {
+      sensitiveKeys: config.get("mcpRedactionSensitiveKeys") as string[],
+      statePathPatterns: config.get("mcpRedactionStatePathPatterns") as string[],
+      valuePatterns: config.get("mcpRedactionValuePatterns") as string[],
+    },
+    allowClientDisable: config.get("mcpAllowClientDisable") as boolean,
+    allowClientRemoveRules: config.get("mcpAllowClientRemoveRules") as boolean,
+  }
+}
+
 // TODO: Move up to better places like core somewhere!
 interface Context {
   serverStatus: ServerStatus
@@ -18,6 +31,12 @@ interface Context {
   mcpStatus: McpStatus
   mcpPort: number | null
   toggleMcp: () => void
+  mcpRedactionEnforced: boolean
+  openMcpSettings: () => void
+  closeMcpSettings: () => void
+  mcpSettingsOpen: boolean
+  updateMcpRedactionConfig: (cfg: Partial<McpRedactionServerConfig>) => void
+  mcpRedactionConfig: McpRedactionServerConfig
 }
 
 const StandaloneContext = React.createContext<Context>({
@@ -28,6 +47,12 @@ const StandaloneContext = React.createContext<Context>({
   mcpStatus: "stopped",
   mcpPort: null,
   toggleMcp: () => {},
+  mcpRedactionEnforced: true,
+  openMcpSettings: () => {},
+  closeMcpSettings: () => {},
+  mcpSettingsOpen: false,
+  updateMcpRedactionConfig: () => {},
+  mcpRedactionConfig: readRedactionConfig(),
 })
 
 const Provider: React.FC<{ children: React.ReactNode }> = ({ children }) => {
@@ -78,6 +103,46 @@ const Provider: React.FC<{ children: React.ReactNode }> = ({ children }) => {
   const mcpServerRef = useRef<ReactotronMcpServer>(null)
   const [mcpStatus, setMcpStatus] = useState<McpStatus>("stopped")
   const [mcpPort, setMcpPort] = useState<number | null>(null)
+  const [mcpSettingsOpen, setMcpSettingsOpen] = useState(false)
+  const [mcpRedactionConfig, setMcpRedactionConfig] = useState<McpRedactionServerConfig>(readRedactionConfig)
+
+  // True unless a connected client has actually opted out via a permission
+  // the server is honoring. Toggling permissions alone doesn't flip this.
+  const mcpRedactionEnforced = useMemo(() => {
+    const { allowClientDisable, allowClientRemoveRules } = mcpRedactionConfig
+    if (!allowClientDisable && !allowClientRemoveRules) return true
+    return !connections.some((c) => {
+      const cfg = (c as unknown as { mcpRedaction?: McpRedactionConfig }).mcpRedaction
+      if (!cfg) return false
+      if (allowClientDisable && cfg.disableRedaction) return true
+      if (allowClientRemoveRules && cfg.removeRules) return true
+      return false
+    })
+  }, [connections, mcpRedactionConfig.allowClientDisable, mcpRedactionConfig.allowClientRemoveRules])
+
+  const openMcpSettings = useCallback(() => setMcpSettingsOpen(true), [])
+  const closeMcpSettings = useCallback(() => setMcpSettingsOpen(false), [])
+
+  const updateMcpRedactionConfig = useCallback((cfg: Partial<McpRedactionServerConfig>) => {
+    setMcpRedactionConfig((prev) => {
+      const next: McpRedactionServerConfig = {
+        ...prev,
+        ...cfg,
+        defaults: cfg.defaults ? { ...prev.defaults, ...cfg.defaults } : prev.defaults,
+      }
+      // Persist to electron-store
+      config.set("mcpRedactionSensitiveKeys", next.defaults.sensitiveKeys ?? [])
+      config.set("mcpRedactionStatePathPatterns", next.defaults.statePathPatterns ?? [])
+      config.set("mcpRedactionValuePatterns", next.defaults.valuePatterns ?? [])
+      config.set("mcpAllowClientDisable", next.allowClientDisable)
+      config.set("mcpAllowClientRemoveRules", next.allowClientRemoveRules)
+      // Update running MCP server if active
+      if (mcpServerRef.current) {
+        mcpServerRef.current.updateRedactionConfig(next)
+      }
+      return next
+    })
+  }, [])
 
   // Clean up MCP server on unmount
   useEffect(() => {
@@ -101,7 +166,7 @@ const Provider: React.FC<{ children: React.ReactNode }> = ({ children }) => {
       setMcpPort(null)
     } else {
       const port = config.get("mcpPort") as number
-      const mcp = createMcpServer(reactotronServer.current)
+      const mcp = createMcpServer(reactotronServer.current, mcpRedactionConfig)
       mcp.start(port).then(() => {
         mcpServerRef.current = mcp
         setMcpStatus("started")
@@ -111,7 +176,7 @@ const Provider: React.FC<{ children: React.ReactNode }> = ({ children }) => {
         setMcpPort(null)
       })
     }
-  }, [mcpStatus])
+  }, [mcpStatus, mcpRedactionConfig])
 
   const sendCommand = useCallback(
     (type: string, payload: any, clientId?: string) => {
@@ -133,6 +198,12 @@ const Provider: React.FC<{ children: React.ReactNode }> = ({ children }) => {
         mcpStatus,
         mcpPort,
         toggleMcp,
+        mcpRedactionEnforced,
+        openMcpSettings,
+        closeMcpSettings,
+        mcpSettingsOpen,
+        updateMcpRedactionConfig,
+        mcpRedactionConfig,
       }}
     >
       <ReactotronBrain
diff --git a/docs/mcp.md b/docs/mcp.md
index 72f1b06bb..a734a6474 100644
--- a/docs/mcp.md
+++ b/docs/mcp.md
@@ -49,12 +49,81 @@ Claude Code can also interact with your running app:
 
 If multiple apps are connected to Reactotron, Claude Code will ask which app you're working on. It can auto-detect the right app when only one is connected.
 
+## Redaction
+
+Reactotron applies a default-on redaction pass to every MCP response, replacing well-known sensitive field names and token formats with `[REDACTED]` before they leave the server. A shield icon next to the MCP button reflects the live state: **green** while redaction is fully enforced, **amber** when at least one connected client has opted out via a permission you've granted. Redaction is defence in depth — see the [Limitations and gotchas](#limitations-and-gotchas) section for the audit you should do before connecting an LLM.
+
+### What gets redacted
+
+Out of the box, the following are replaced with `[REDACTED]`:
+
+- **Sensitive keys** (matched at any nesting level, case-insensitive) — credentials like `password`/`passwd`/`pwd`, `secret`, `client_secret`, `private_key`, `credentials`, `ssn`, `creditcard`; API keys like `api_key`/`apikey`/`x-api-key`; auth tokens like `token`, `bearer`, `jwt`, `access_token`, `refresh_token`, `id_token`; session/CSRF like `session`/`sessionid`, `csrf`/`xsrf`; HTTP header names like `Authorization`, `Cookie`, `Set-Cookie`, `Proxy-Authorization`, `X-Auth-Token`, `X-CSRF-Token`, `X-XSRF-Token`, `X-Forwarded-For`, `X-Real-IP`; and common variants
+- **String values** matching common token formats — Bearer tokens, JWTs (`eyJ...`), OpenAI keys (`sk-...`), Anthropic keys (`sk-ant-...`), GitHub PATs/OAuth/user-to-server tokens (`ghp_/ghs_/gho_/ghu_/ghr_...`), Slack tokens (`xoxb-...`), AWS access key IDs (`AKIA...`), Google API keys (`AIza...`), Stripe keys (`sk_live_/pk_test_/...`), and PEM-encoded private key blocks
+- **URL query parameters** whose names match any sensitive key (e.g. `?api_key=abc` becomes `?api_key=[REDACTED]`)
+- **Form-urlencoded bodies** — strings shaped like `k=v&k=v` (e.g. `application/x-www-form-urlencoded` request bodies) get the same per-field redaction as URL query parameters
+
+### Configuring redaction in Reactotron
+
+Click the gear icon next to the MCP button to open the redaction settings modal. From there you can:
+
+- Add or remove **sensitive keys** (covers both payload field names and HTTP header names), **state path patterns**, and **value patterns** (regex)
+- Toggle whether connected apps are allowed to **disable redaction entirely** (off by default)
+- Toggle whether connected apps are allowed to **remove default rules** (off by default)
+
+State path patterns use dot-separated paths and support a trailing wildcard. For example, `auth.tokens.*` redacts every key under `auth.tokens` in your app state.
+
+Changes take effect on the next MCP request — no restart needed.
+
+### Client-side configuration
+
+Apps can send redaction preferences during the Reactotron connection handshake via the `mcpRedaction` option:
+
+```js
+Reactotron.configure({
+  // ... other options
+  mcpRedaction: {
+    // Merge additional rules on top of server defaults (always allowed)
+    additionalRules: {
+      sensitiveKeys: ["myInternalField", "x-internal-auth"],
+    },
+    // Request removal of specific default rules (requires server permission)
+    removeRules: {
+      sensitiveKeys: ["cookie"],
+    },
+    // Request disabling redaction entirely (requires server permission)
+    disableRedaction: true,
+  },
+})
+```
+
+This uses a **two-key model**: the server always applies its default rules unless *both* the client requests a relaxation *and* the server has enabled the corresponding permission in the settings modal. This prevents a misconfigured app from accidentally exposing secrets.
+
+### Multi-app redaction
+
+When multiple apps are connected, **each app's data is redacted with that app's own configuration**, even within a single MCP response that aggregates events from several apps (timeline, network, asyncstorage, etc.). One app's `additionalRules` won't redact another app's data, and one app's `removeRules` won't weaken redaction for any other app's data.
+
+### Limitations and gotchas
+
+> **Audit your app's payloads before pointing an LLM at the MCP server.** Redaction is defence in depth, not a guarantee. The default rules catch widely-used names and token formats, but anything app-specific (custom field names, homegrown token shapes, bare values without a recognisable shape) passes through unredacted. Do the audit *before* connecting any LLM — once an LLM has seen a secret, you can't unsend it. Two practical ways to audit: search your codebase for the field names you store credentials, tokens, or PII under, and inspect a normal Reactotron desktop session (the desktop UI is unredacted, so what you see there is roughly what an LLM would see minus the default-rule matches). Add anything sensitive to `additionalRules` (or to the desktop's settings modal) before the first LLM connection.
+
+A few specific things worth knowing:
+
+- **The Reactotron desktop UI is not redacted.** Redaction only happens at the MCP boundary. The desktop UI shows captured data verbatim — that's by design, since you're debugging your own app.
+- **Redaction is a blocklist, not an allowlist.** Field names that aren't in `sensitiveKeys` and string values that don't match any `valuePatterns` regex pass through verbatim. A field literally called `mySpecialSecret` or a homegrown token format like `xz-…-…` is invisible to the default rules. Add them via the settings modal or `additionalRules`.
+- **AsyncStorage values rely on the storage key carrying the sensitive name.** `AsyncStorage.setItem("auth:password", "hunter2")` redacts because the storage key contains `password`. `AsyncStorage.setItem("appData", "hunter2")` does *not* — neither the key nor the bare value match any default rule, so the value passes through verbatim. If your app stores secrets under non-descriptive storage keys, redaction won't help. Use the `ignore` option on the AsyncStorage plugin to skip those keys entirely.
+- **State path patterns only fire at known anchors.** The `reactotron://state/current` resource and the `request_state` tool both pass the originating state path so absolute patterns (e.g. `auth.tokens.*`) match correctly. Other resources don't carry that anchor and can't apply path-based rules. If a sensitive subtree never matches by key name or value pattern, path patterns alone may not catch it.
+- **State path patterns support trailing wildcard only.** `auth.tokens.*` works. `users.*.password` does not — you'd need to add `password` to `sensitiveKeys` (it already is by default) or list each path explicitly.
+- **Custom commands and `display` payloads are walked generically.** If you emit free-form data via `Reactotron.display(...)` or a custom command, only key-name and value-pattern rules apply. Sensitive content in arbitrary shapes is on you.
+- **Server defaults apply at the boundary, not at storage.** The relay server still receives the full payload over the WebSocket and stores it in the in-memory event buffer. Anyone with desktop access (or who can attach a debugger to the Reactotron process) can see the unredacted data. Redaction stops the data from reaching the MCP client; it does not encrypt anything at rest.
+
 ## Configuration
 
-The MCP port defaults to **4567** and can be changed in Reactotron's settings (stored via electron-store as `mcpPort`).
+The MCP port defaults to **4567**. There's no in-app UI to change it; the value is stored as `mcpPort` in Reactotron's electron-store config — at `~/Library/Application Support/Reactotron/config.json` on macOS, `%APPDATA%\Reactotron\config.json` on Windows, or `~/.config/Reactotron/config.json` on Linux. Edit the JSON and restart Reactotron to pick up the new port.
 
 The server only binds to `127.0.0.1` (localhost) and is not accessible from other machines on your network.
 
+The MCP buffer holds the most recent **500 commands** from the relay. Once that fills, the oldest events drop off — the timeline / network / state resources only reflect what's still in the buffer. Use the `clear_timeline` tool to reset it before reproducing a specific issue.
+
 ## Image overlay
 
 The `show_overlay` tool lets Claude Code overlay an image on your running app — useful for comparing a design mockup against the actual UI.
diff --git a/lib/reactotron-core-client/src/client-options.ts b/lib/reactotron-core-client/src/client-options.ts
index a74d33ec4..91c9e36dd 100644
--- a/lib/reactotron-core-client/src/client-options.ts
+++ b/lib/reactotron-core-client/src/client-options.ts
@@ -1,3 +1,4 @@
+import type { McpRedactionConfig } from "reactotron-core-contract"
 import type { LifeCycleMethods, PluginCreator } from "./reactotron-core-client"
 import NodeWebSocket from "ws"
 
@@ -88,4 +89,10 @@ export interface ClientOptions<Client> extends Omit<LifeCycleMethods, "onCommand
   getClientId?: (name: string) => Promise<string>
 
   proxyHack?: boolean
+
+  /**
+   * MCP redaction configuration sent to the server during client.intro.
+   * Controls how sensitive data is filtered when exposed via MCP.
+   */
+  mcpRedaction?: McpRedactionConfig
 }
diff --git a/lib/reactotron-core-client/src/reactotron-core-client.ts b/lib/reactotron-core-client/src/reactotron-core-client.ts
index 78d7d92ff..475b6c34c 100644
--- a/lib/reactotron-core-client/src/reactotron-core-client.ts
+++ b/lib/reactotron-core-client/src/reactotron-core-client.ts
@@ -264,6 +264,7 @@ export class ReactotronImpl
       name,
       client = {},
       getClientId,
+      mcpRedaction,
     } = this.options
     const { onCommand, onConnect, onDisconnect } = this.options
 
@@ -290,6 +291,7 @@ export class ReactotronImpl
           name: name!,
           clientId,
           reactotronCoreClientVersion: "REACTOTRON_CORE_CLIENT_VERSION",
+          ...(mcpRedaction ? { mcpRedaction } : {}),
         })
 
         // flush the send queue
diff --git a/lib/reactotron-core-contract/src/clientIntro.ts b/lib/reactotron-core-contract/src/clientIntro.ts
index eb9986df5..5babaa11d 100644
--- a/lib/reactotron-core-contract/src/clientIntro.ts
+++ b/lib/reactotron-core-contract/src/clientIntro.ts
@@ -1,3 +1,5 @@
+import type { McpRedactionConfig } from "./mcpRedaction"
+
 export interface ClientIntroPayload {
   name: string
   clientId?: string
@@ -5,4 +7,6 @@ export interface ClientIntroPayload {
   reactotronVersion?: string
   /** Additional fields added by server on receipt */
   address?: string
+  /** MCP redaction configuration from the client app */
+  mcpRedaction?: McpRedactionConfig
 }
diff --git a/lib/reactotron-core-contract/src/mcpRedaction.ts b/lib/reactotron-core-contract/src/mcpRedaction.ts
new file mode 100644
index 000000000..fe1f4a695
--- /dev/null
+++ b/lib/reactotron-core-contract/src/mcpRedaction.ts
@@ -0,0 +1,17 @@
+export interface McpRedactionRules {
+  /** Object key names to redact wherever found (case-insensitive match) */
+  sensitiveKeys?: string[]
+  /** State paths to redact (dot-separated, supports trailing wildcard "auth.tokens.*") */
+  statePathPatterns?: string[]
+  /** Regex patterns matched against string values */
+  valuePatterns?: string[]
+}
+
+export interface McpRedactionConfig {
+  /** If true, client requests opting out of redaction (requires server approval) */
+  disableRedaction?: boolean
+  /** Additional rules to merge on top of server defaults */
+  additionalRules?: McpRedactionRules
+  /** Specific default rules to remove (requires server approval) */
+  removeRules?: McpRedactionRules
+}
diff --git a/lib/reactotron-core-contract/src/reactotron-core-contract.ts b/lib/reactotron-core-contract/src/reactotron-core-contract.ts
index 259dc57f8..b150ecfda 100644
--- a/lib/reactotron-core-contract/src/reactotron-core-contract.ts
+++ b/lib/reactotron-core-contract/src/reactotron-core-contract.ts
@@ -8,6 +8,7 @@ export * from "./diff"
 export * from "./display"
 export * from "./image"
 export * from "./log"
+export * from "./mcpRedaction"
 export * from "./openInEditor"
 export * from "./repl"
 export * from "./sagaTaskComplete"
diff --git a/lib/reactotron-mcp/src/index.ts b/lib/reactotron-mcp/src/index.ts
index 1db00b904..d77dbfc1b 100644
--- a/lib/reactotron-mcp/src/index.ts
+++ b/lib/reactotron-mcp/src/index.ts
@@ -1,2 +1,12 @@
 export { createMcpServer } from "./mcp-server"
 export type { ReactotronMcpServer } from "./mcp-server"
+export {
+  DEFAULT_REDACTION_RULES,
+  DEFAULT_SERVER_CONFIG,
+  REDACTED,
+  redact,
+  resolveEffectiveRules,
+  createRedactor,
+  getClientRedactionConfig,
+} from "./redaction"
+export type { McpRedactionServerConfig, Redactor } from "./redaction"
diff --git a/lib/reactotron-mcp/src/mcp-server.ts b/lib/reactotron-mcp/src/mcp-server.ts
index 323533d93..b093187d9 100644
--- a/lib/reactotron-mcp/src/mcp-server.ts
+++ b/lib/reactotron-mcp/src/mcp-server.ts
@@ -6,15 +6,28 @@ import type { Command } from "reactotron-core-contract"
 
 import { registerResources } from "./resources"
 import { registerTools } from "./tools"
+import { DEFAULT_SERVER_CONFIG, type McpRedactionServerConfig } from "./redaction"
 
 export interface ReactotronMcpServer {
   start(port?: number): Promise<void>
   stop(): void
   readonly started: boolean
   readonly port: number | null
+  /** Update the redaction configuration at runtime (e.g. from settings UI) */
+  updateRedactionConfig(config: Partial<McpRedactionServerConfig>): void
+  /** Current redaction server config */
+  readonly redactionConfig: McpRedactionServerConfig
 }
 
-export function createMcpServer(reactotronServer: ReactotronServer): ReactotronMcpServer {
+export function createMcpServer(
+  reactotronServer: ReactotronServer,
+  redactionConfig?: Partial<McpRedactionServerConfig>
+): ReactotronMcpServer {
+  let serverRedactionConfig: McpRedactionServerConfig = {
+    ...DEFAULT_SERVER_CONFIG,
+    ...redactionConfig,
+    defaults: { ...DEFAULT_SERVER_CONFIG.defaults, ...redactionConfig?.defaults },
+  }
   let httpServer: HttpServer | null = null
   let started = false
   let listenPort: number | null = null
@@ -48,14 +61,25 @@ export function createMcpServer(reactotronServer: ReactotronServer): ReactotronM
       { name: "reactotron", version: "0.1.0" },
       { capabilities: { resources: {}, tools: {} } }
     )
-    registerResources(mcp, reactotronServer, commandBuffer)
-    registerTools(mcp, reactotronServer, commandBuffer)
+    registerResources(mcp, reactotronServer, commandBuffer, serverRedactionConfig)
+    registerTools(mcp, reactotronServer, commandBuffer, serverRedactionConfig)
     return mcp
   }
 
   return {
     get started() { return started },
     get port() { return listenPort },
+    get redactionConfig() { return serverRedactionConfig },
+
+    updateRedactionConfig(config: Partial<McpRedactionServerConfig>) {
+      serverRedactionConfig = {
+        ...serverRedactionConfig,
+        ...config,
+        defaults: config.defaults
+          ? { ...serverRedactionConfig.defaults, ...config.defaults }
+          : serverRedactionConfig.defaults,
+      }
+    },
 
     start(port = 4567) {
       if (started) return Promise.resolve()
diff --git a/lib/reactotron-mcp/src/redaction.ts b/lib/reactotron-mcp/src/redaction.ts
new file mode 100644
index 000000000..1e52853bb
--- /dev/null
+++ b/lib/reactotron-mcp/src/redaction.ts
@@ -0,0 +1,474 @@
+import type { McpRedactionRules, McpRedactionConfig } from "reactotron-core-contract"
+import type ReactotronServer from "reactotron-core-server"
+
+export const REDACTED = "[REDACTED]"
+
+export const DEFAULT_REDACTION_RULES: McpRedactionRules = {
+  sensitiveKeys: [
+    // Credentials
+    "password", "passwd", "pwd",
+    "secret", "client_secret", "clientsecret",
+    "credentials", "ssn", "creditcard",
+    "privatekey", "private_key",
+    // API keys
+    "apikey", "api_key", "x-api-key",
+    // Auth tokens
+    "accesstoken", "access_token",
+    "refreshtoken", "refresh_token",
+    "idtoken", "id_token",
+    "token", "bearer", "jwt",
+    // Session / CSRF
+    "session", "sessionid", "session_id",
+    "csrf", "xsrf", "csrf_token", "xsrf_token",
+    // HTTP headers
+    "authorization", "cookie", "set-cookie", "proxy-authorization",
+    "x-auth-token", "x-csrf-token", "x-xsrf-token", "csrf-token",
+    "x-forwarded-for", "x-real-ip",
+  ],
+  statePathPatterns: [],
+  valuePatterns: [
+    // Bearer tokens
+    "Bearer\\s+[A-Za-z0-9\\-._~+/]+=*",
+    // JWTs (header.payload[.signature])
+    "eyJ[A-Za-z0-9_-]{10,}\\.[A-Za-z0-9_-]{10,}",
+    // OpenAI-style keys (also matches our legacy "sk-..." pattern)
+    "sk-[a-zA-Z0-9_-]{20,}",
+    // Anthropic API keys
+    "sk-ant-[a-zA-Z0-9_-]{20,}",
+    // GitHub PATs / fine-grained tokens
+    "gh[pousr]_[A-Za-z0-9]{30,}",
+    // Slack tokens
+    "xox[bpoas]-[a-zA-Z0-9\\-]{10,}",
+    // AWS access key IDs
+    "AKIA[0-9A-Z]{16}",
+    // Google API keys
+    "AIza[0-9A-Za-z\\-_]{35}",
+    // Stripe keys (live/test, secret/publishable/restricted)
+    "(?:sk|pk|rk)_(?:test|live)_[A-Za-z0-9]{24,}",
+    // PEM-encoded private key blocks (RSA, EC, DSA, OPENSSH, or generic)
+    "-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY-----[\\s\\S]+?-----END (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY-----",
+  ],
+}
+
+export interface McpRedactionServerConfig {
+  defaults: McpRedactionRules
+  allowClientDisable: boolean
+  allowClientRemoveRules: boolean
+}
+
+export const DEFAULT_SERVER_CONFIG: McpRedactionServerConfig = {
+  defaults: DEFAULT_REDACTION_RULES,
+  allowClientDisable: false,
+  allowClientRemoveRules: false,
+}
+
+/**
+ * Resolve effective rules by merging server defaults with client config.
+ * `additionalRules` apply unconditionally; `disableRedaction` and `removeRules`
+ * require the matching server-side permission.
+ */
+export function resolveEffectiveRules(
+  serverConfig: McpRedactionServerConfig,
+  clientConfig?: McpRedactionConfig
+): McpRedactionRules | null {
+  if (!clientConfig) return serverConfig.defaults
+
+  if (clientConfig.disableRedaction && serverConfig.allowClientDisable) {
+    return null
+  }
+
+  let rules = deepCopyRules(serverConfig.defaults)
+
+  if (clientConfig.removeRules && serverConfig.allowClientRemoveRules) {
+    rules = subtractRules(rules, clientConfig.removeRules)
+  }
+
+  if (clientConfig.additionalRules) {
+    rules = mergeRules(rules, clientConfig.additionalRules)
+  }
+
+  return rules
+}
+
+/**
+ * Get a client's McpRedactionConfig. With no clientId, returns the lone
+ * client's config when exactly one is connected, otherwise undefined —
+ * resource reads that aggregate across apps must pass clientId per event.
+ */
+export function getClientRedactionConfig(server: ReactotronServer, clientId?: string): McpRedactionConfig | undefined {
+  const connections = server.connections as any[]
+  if (clientId) {
+    const conn = connections.find((c) => c.clientId === clientId)
+    return conn?.mcpRedaction
+  }
+  if (connections.length === 1) {
+    return connections[0]?.mcpRedaction
+  }
+  return undefined
+}
+
+/**
+ * Scoped redactor that caches resolved rules per clientId. Create one per
+ * MCP request so a multi-event read does one resolve per distinct app.
+ */
+export interface Redactor {
+  /** Redact a generic payload (network entry, log event, action, etc.). */
+  redact(data: unknown, clientId?: string): unknown
+  /** Redact a state payload anchored at `statePath` (pass "" for full tree). */
+  redactState(data: unknown, clientId: string | undefined, statePath: string): unknown
+  /** Redact an AsyncStorage mutation payload (storage-key heuristic + deep walk). */
+  redactAsyncStorage(data: unknown, clientId?: string): unknown
+}
+
+const NO_CLIENT = "\0__no_client__"
+
+export function createRedactor(
+  server: ReactotronServer,
+  serverRedactionConfig: McpRedactionServerConfig,
+): Redactor {
+  const cache = new Map<string, ParsedRules | null>()
+
+  function parsedFor(clientId?: string): ParsedRules | null {
+    const key = clientId ?? NO_CLIENT
+    if (cache.has(key)) return cache.get(key)!
+    const clientConfig = getClientRedactionConfig(server, clientId)
+    const rules = resolveEffectiveRules(serverRedactionConfig, clientConfig)
+    const parsed = rules ? parseRules(rules) : null
+    cache.set(key, parsed)
+    return parsed
+  }
+
+  return {
+    redact(data, clientId) {
+      const parsed = parsedFor(clientId)
+      return parsed ? redactWithParsed(data, parsed) : data
+    },
+    redactState(data, clientId, statePath) {
+      const parsed = parsedFor(clientId)
+      return parsed ? redactWithParsed(data, parsed, statePath) : data
+    },
+    redactAsyncStorage(data, clientId) {
+      const parsed = parsedFor(clientId)
+      if (!parsed) return data
+      return redactWithParsed(redactAsyncStorageWithParsed(data, parsed), parsed)
+    },
+  }
+}
+
+function deepCopyRules(rules: McpRedactionRules): McpRedactionRules {
+  return {
+    sensitiveKeys: rules.sensitiveKeys ? [...rules.sensitiveKeys] : [],
+    statePathPatterns: rules.statePathPatterns ? [...rules.statePathPatterns] : [],
+    valuePatterns: rules.valuePatterns ? [...rules.valuePatterns] : [],
+  }
+}
+
+function mergeRules(base: McpRedactionRules, additional: McpRedactionRules): McpRedactionRules {
+  return {
+    sensitiveKeys: dedupe([...(base.sensitiveKeys ?? []), ...(additional.sensitiveKeys ?? [])]),
+    statePathPatterns: dedupe([...(base.statePathPatterns ?? []), ...(additional.statePathPatterns ?? [])]),
+    valuePatterns: dedupe([...(base.valuePatterns ?? []), ...(additional.valuePatterns ?? [])]),
+  }
+}
+
+function subtractRules(base: McpRedactionRules, remove: McpRedactionRules): McpRedactionRules {
+  const removeLower = (arr: string[]) => new Set(arr.map((s) => s.toLowerCase()))
+
+  const removeKeys = removeLower(remove.sensitiveKeys ?? [])
+  const removePaths = new Set(remove.statePathPatterns ?? [])
+  const removePatterns = new Set(remove.valuePatterns ?? [])
+
+  return {
+    sensitiveKeys: (base.sensitiveKeys ?? []).filter((k) => !removeKeys.has(k.toLowerCase())),
+    statePathPatterns: (base.statePathPatterns ?? []).filter((p) => !removePaths.has(p)),
+    valuePatterns: (base.valuePatterns ?? []).filter((p) => !removePatterns.has(p)),
+  }
+}
+
+function dedupe(arr: string[]): string[] {
+  return [...new Set(arr)]
+}
+
+const MAX_JSON_STRING_DEPTH = 5
+const MAX_JSON_PARSE_LENGTH = 1_000_000
+
+/** Precomputed form of a rules object, reused across redact() calls. */
+interface ParsedRules {
+  sensitiveKeysLower: Set<string>
+  /** All valuePatterns folded into a single alternation; null when no valid patterns. */
+  combinedValueRegex: RegExp | null
+  statePathPatterns: string[]
+  /** Cached `statePathPatterns.length > 0` — gates path-string allocation. */
+  trackPaths: boolean
+}
+
+/**
+ * Validate each pattern individually so one bad regex doesn't kill the rest,
+ * then fold the survivors into a single alternation for one-pass matching.
+ */
+function compileCombinedValueRegex(patterns: string[]): RegExp | null {
+  const valid: string[] = []
+  for (const pattern of patterns) {
+    try {
+      new RegExp(pattern)
+      valid.push(pattern)
+    } catch {
+      // Invalid regex — skip
+    }
+  }
+  if (valid.length === 0) return null
+  try {
+    return new RegExp(valid.map((p) => `(?:${p})`).join("|"), "g")
+  } catch {
+    return null
+  }
+}
+
+function parseRules(rules: McpRedactionRules): ParsedRules {
+  const statePathPatterns = rules.statePathPatterns ?? []
+  return {
+    sensitiveKeysLower: new Set((rules.sensitiveKeys ?? []).map((k) => k.toLowerCase())),
+    combinedValueRegex: compileCombinedValueRegex(rules.valuePatterns ?? []),
+    statePathPatterns,
+    trackPaths: statePathPatterns.length > 0,
+  }
+}
+
+/** Per-call state threaded through recursion. */
+interface RedactionContext {
+  parsed: ParsedRules
+  seen: Set<unknown>
+  jsonStringDepth: number
+}
+
+function makeContext(parsed: ParsedRules, jsonStringDepth = 0): RedactionContext {
+  return { parsed, seen: new Set<unknown>(), jsonStringDepth }
+}
+
+/**
+ * Deep-walk an object and redact sensitive values (returns a new object).
+ * Handles circular references by tracking seen objects.
+ */
+export function redact(data: unknown, rules: McpRedactionRules, currentPath = ""): unknown {
+  return redactWithParsed(data, parseRules(rules), currentPath)
+}
+
+function redactWithParsed(data: unknown, parsed: ParsedRules, currentPath = ""): unknown {
+  return redactValue(data, makeContext(parsed), currentPath)
+}
+
+function redactValue(data: unknown, ctx: RedactionContext, currentPath: string): unknown {
+  if (data === null || data === undefined) return data
+
+  if (typeof data === "string") {
+    return redactStringValue(data, ctx)
+  }
+
+  if (typeof data !== "object") return data
+
+  if (Array.isArray(data)) {
+    if (!ctx.parsed.trackPaths) {
+      return data.map((item) => redactValue(item, ctx, ""))
+    }
+    return data.map((item, i) => redactValue(item, ctx, currentPath ? `${currentPath}.${i}` : String(i)))
+  }
+
+  return redactObject(data as Record<string, unknown>, ctx, currentPath)
+}
+
+function redactObject(
+  obj: Record<string, unknown>,
+  ctx: RedactionContext,
+  currentPath: string,
+): Record<string, unknown> {
+  if (ctx.seen.has(obj)) return { _circular: REDACTED }
+  ctx.seen.add(obj)
+
+  const result: Record<string, unknown> = {}
+  const sensitiveKeysLower = ctx.parsed.sensitiveKeysLower
+  const trackPaths = ctx.parsed.trackPaths
+
+  for (const [key, value] of Object.entries(obj)) {
+    // Common case first — most keys aren't path-pattern matches.
+    if (sensitiveKeysLower.has(key.toLowerCase())) {
+      result[key] = REDACTED
+      continue
+    }
+
+    if (trackPaths) {
+      const childPath = currentPath ? `${currentPath}.${key}` : key
+      if (matchesStatePath(childPath, ctx.parsed.statePathPatterns)) {
+        result[key] = REDACTED
+        continue
+      }
+      result[key] = redactValue(value, ctx, childPath)
+    } else {
+      result[key] = redactValue(value, ctx, "")
+    }
+  }
+
+  return result
+}
+
+function redactStringValue(value: string, ctx: RedactionContext): string {
+  let result = value
+  const { sensitiveKeysLower, combinedValueRegex } = ctx.parsed
+
+  // Detect JSON strings and redact their contents by parsing → redacting → re-stringifying.
+  // Guarded by depth limit (nested JSON.stringify layers) and size limit (avoid parsing huge strings).
+  if (ctx.jsonStringDepth < MAX_JSON_STRING_DEPTH && result.length <= MAX_JSON_PARSE_LENGTH) {
+    const trimmed = result.trim()
+    if ((trimmed.startsWith("{") && trimmed.endsWith("}")) || (trimmed.startsWith("[") && trimmed.endsWith("]"))) {
+      try {
+        const parsed = JSON.parse(result)
+        if (typeof parsed === "object" && parsed !== null) {
+          const innerCtx = makeContext(ctx.parsed, ctx.jsonStringDepth + 1)
+          return JSON.stringify(redactValue(parsed, innerCtx, ""))
+        }
+      } catch {
+        // Not valid JSON — fall through to other redaction strategies
+      }
+    }
+  }
+
+  // Redact URL query parameters whose names match sensitiveKeys
+  if (sensitiveKeysLower.size > 0) {
+    if (result.includes("?")) {
+      result = redactUrlQueryParams(result, sensitiveKeysLower)
+    } else if (looksLikeFormEncoded(result)) {
+      result = redactFormEncodedParams(result, sensitiveKeysLower)
+    }
+  }
+
+  if (combinedValueRegex) {
+    combinedValueRegex.lastIndex = 0
+    result = result.replace(combinedValueRegex, REDACTED)
+  }
+  return result
+}
+
+/**
+ * Detect a form-urlencoded body string (e.g. "user=alice&password=x"). The
+ * strict `^k=v(&k=v)*$` anchor avoids false positives on prose like "x=5".
+ */
+const FORM_ENCODED_RE = /^[\w.\-+~*[\]%]+=[^&]*(?:&[\w.\-+~*[\]%]+=[^&]*)*$/
+function looksLikeFormEncoded(value: string): boolean {
+  if (!value || value.length > 8192) return false
+  return FORM_ENCODED_RE.test(value)
+}
+
+/** Redact values in a form-urlencoded body where the param name matches sensitiveKeys. */
+function redactFormEncodedParams(value: string, sensitiveKeysLower: Set<string>): string {
+  return value.split("&").map((param) => {
+    const eqIndex = param.indexOf("=")
+    if (eqIndex === -1) return param
+    const name = param.slice(0, eqIndex)
+    if (sensitiveKeysLower.has(name.toLowerCase())) {
+      return `${name}=${REDACTED}`
+    }
+    return param
+  }).join("&")
+}
+
+/** Redact query parameter values in URLs where the param name matches sensitiveKeys. */
+function redactUrlQueryParams(value: string, sensitiveKeysLower: Set<string>): string {
+  const qIndex = value.indexOf("?")
+  if (qIndex === -1) return value
+
+  const base = value.slice(0, qIndex + 1)
+  const queryString = value.slice(qIndex + 1)
+
+  // Handle fragment after query string
+  const hashIndex = queryString.indexOf("#")
+  const qs = hashIndex === -1 ? queryString : queryString.slice(0, hashIndex)
+  const fragment = hashIndex === -1 ? "" : queryString.slice(hashIndex)
+
+  const redactedParams = qs.split("&").map((param) => {
+    const eqIndex = param.indexOf("=")
+    if (eqIndex === -1) return param
+    const name = param.slice(0, eqIndex)
+    if (sensitiveKeysLower.has(name.toLowerCase())) {
+      return `${name}=${REDACTED}`
+    }
+    return param
+  }).join("&")
+
+  return base + redactedParams + fragment
+}
+
+function matchesStatePath(currentPath: string, patterns: string[]): boolean {
+  for (const pattern of patterns) {
+    if (pattern.endsWith(".*")) {
+      const prefix = pattern.slice(0, -2)
+      // "auth.tokens.*" matches "auth.tokens.access" but NOT "auth.tokens" itself
+      if (currentPath.startsWith(prefix + ".") && currentPath.length > prefix.length + 1) {
+        return true
+      }
+    } else if (currentPath === pattern) {
+      return true
+    }
+  }
+  return false
+}
+
+/**
+ * Check whether a storage key (e.g. "auth:password", "auth_password", "user.api_key")
+ * contains any sensitive key name as a case-insensitive substring.
+ */
+function storageKeyIsSensitive(storageKey: string, sensitiveKeysLower: Set<string>): boolean {
+  const keyLower = storageKey.toLowerCase()
+  for (const sensitive of sensitiveKeysLower) {
+    if (keyLower.includes(sensitive)) return true
+  }
+  return false
+}
+
+/**
+ * Redact AsyncStorage mutation payloads. The storage key carries the
+ * sensitive name (not any payload field), so this branches by wire shape
+ * (`{ key, value }`, `{ pairs: [[k, v], ...] }`) and tests the key against
+ * sensitiveKeys before redacting the corresponding value.
+ */
+export function redactAsyncStorageData(data: unknown, rules: McpRedactionRules): unknown {
+  if (data === null || data === undefined) return data
+  return redactAsyncStorageWithParsed(data, parseRules(rules))
+}
+
+function redactAsyncStorageWithParsed(data: unknown, parsed: ParsedRules): unknown {
+  if (parsed.sensitiveKeysLower.size === 0) return data
+  return redactAsyncStorageItem(data, makeContext(parsed))
+}
+
+function redactAsyncStorageItem(data: unknown, ctx: RedactionContext): unknown {
+  const sensitiveKeysLower = ctx.parsed.sensitiveKeysLower
+
+  // [key, value] tuple from a multiSet/multiMerge `pairs` entry.
+  if (Array.isArray(data) && data.length === 2 && typeof data[0] === "string") {
+    const [key, value] = data as [string, unknown]
+    if (storageKeyIsSensitive(key, sensitiveKeysLower)) return [key, REDACTED]
+    if (typeof value === "string") return [key, redactStringValue(value, ctx)]
+    return data
+  }
+
+  if (typeof data === "object" && data !== null) {
+    const obj = data as Record<string, unknown>
+
+    // multiSet / multiMerge: { pairs: [[key, value], ...] }
+    if (Array.isArray(obj.pairs)) {
+      return { ...obj, pairs: obj.pairs.map((p) => redactAsyncStorageItem(p, ctx)) }
+    }
+
+    // setItem / mergeItem: { key, value }
+    if ("key" in obj && typeof obj.key === "string") {
+      const result = { ...obj }
+      if (storageKeyIsSensitive(obj.key, sensitiveKeysLower) && "value" in obj) {
+        result.value = REDACTED
+      } else if ("value" in obj && typeof obj.value === "string") {
+        result.value = redactStringValue(obj.value as string, ctx)
+      }
+      return result
+    }
+  }
+
+  return data
+}
diff --git a/lib/reactotron-mcp/src/resources.ts b/lib/reactotron-mcp/src/resources.ts
index 0e83f8f76..a069bf2fb 100644
--- a/lib/reactotron-mcp/src/resources.ts
+++ b/lib/reactotron-mcp/src/resources.ts
@@ -10,6 +10,7 @@ import {
   summarizeCommand,
   summarizeNetworkEntry,
 } from "./serialization"
+import { createRedactor, type McpRedactionServerConfig } from "./redaction"
 
 interface AppInfo {
   id: number
@@ -85,15 +86,19 @@ function json(uri: URL, data: unknown, guidance?: string) {
 export function registerResources(
   mcp: McpServer,
   server: ReactotronServer,
-  commandBuffer: Command[]
+  commandBuffer: Command[],
+  serverRedactionConfig: McpRedactionServerConfig
 ) {
   mcp.registerResource("timeline", "reactotron://timeline", {
     description: "Read this first to understand what's happening in the app. Returns summarized debug events (type, timestamp, and a short preview) newest-first. Payloads are stripped to keep the response small. Use the timeline_by_type resource template to get full event data filtered by type (e.g. reactotron://timeline/api.response).",
     mimeType: "application/json",
   }, async (uri) => {
+    const redactor = createRedactor(server, serverRedactionConfig)
     const meta = connectionMeta(server)
     const events = filterByClient(commandBuffer, server)
-    const summarized = [...events].reverse().map(summarizeCommand)
+    const summarized = [...events].reverse().map((cmd) =>
+      redactor.redact(summarizeCommand(cmd), cmd.clientId)
+    )
     return json(uri, { _meta: meta, eventCount: events.length, events: summarized },
       "Events are summarized. Use the timeline_by_type resource (e.g. reactotron://timeline/api.response) to get full payloads for a specific event type.")
   })
@@ -121,10 +126,14 @@ export function registerResources(
       mimeType: "application/json",
     },
     async (uri, { type }) => {
+      const redactor = createRedactor(server, serverRedactionConfig)
       const meta = connectionMeta(server)
       const events = filterByClient(commandBuffer, server)
         .filter((c) => c.type === type)
-      return json(uri, { _meta: meta, type, eventCount: events.length, events: [...events].reverse() },
+      const redactedEvents = [...events].reverse().map((cmd) =>
+        redactor.redact(cmd, cmd.clientId)
+      )
+      return json(uri, { _meta: meta, type, eventCount: events.length, events: redactedEvents },
         `Too many ${type} events to return in full. Try clear_timeline to reset, then reproduce the issue to capture fewer events.`)
     }
   )
@@ -133,34 +142,40 @@ export function registerResources(
     description: "Latest cached Redux/MST state snapshot. May be stale — use the request_state tool for a fresh snapshot. Returns no_state_received if the app hasn't sent state yet.",
     mimeType: "application/json",
   }, async (uri) => {
+    const redactor = createRedactor(server, serverRedactionConfig)
     const meta = connectionMeta(server)
     const stateCommands = filterByClient(
       commandBuffer.filter((c) => c.type === "state.values.response"),
       server
     )
     const latest = stateCommands[stateCommands.length - 1]
-    return json(uri, {
-      _meta: meta,
-      state: latest?.payload?.value ?? {
-        status: "no_state_received",
-        message: "No state snapshot received yet. Use the request_state tool to request one.",
-      },
-    }, "State is too large. Use the request_state tool with a path like 'user.profile' to fetch a specific slice. Use request_state_keys to explore the state shape first.")
+    const stateValue = latest?.payload?.value ?? {
+      status: "no_state_received",
+      message: "No state snapshot received yet. Use the request_state tool to request one.",
+    }
+    // payload.path anchors state-path patterns when the cached snapshot is a
+    // subtree (from a prior request_state with a path).
+    const statePath = (latest?.payload as { path?: string } | undefined)?.path ?? ""
+    const redactedState = redactor.redactState(stateValue, latest?.clientId, statePath)
+    return json(uri, { _meta: meta, state: redactedState },
+      "State is too large. Use the request_state tool with a path like 'user.profile' to fetch a specific slice. Use request_state_keys to explore the state shape first.")
   })
 
   mcp.registerResource("network", "reactotron://network/log", {
     description: "Captured HTTP requests and responses. Each entry shows URL, method, status, duration, headers, and previews of request/response bodies (truncated to 500 chars). Use timeline_by_type with type 'api.response' for full request/response data.",
     mimeType: "application/json",
   }, async (uri) => {
+    const redactor = createRedactor(server, serverRedactionConfig)
     const meta = connectionMeta(server)
     const networkCommands = filterByClient(
       commandBuffer.filter((c) => c.type === "api.response"),
       server
     )
-    return json(uri, {
-      _meta: meta,
-      entries: networkCommands.map(summarizeNetworkEntry),
-    }, "Network log is too large. Use timeline_by_type with type 'api.response' for full data, or clear_timeline to reset and capture fewer events.")
+    const entries = networkCommands.map((cmd) =>
+      redactor.redact(summarizeNetworkEntry(cmd), cmd.clientId)
+    )
+    return json(uri, { _meta: meta, entries },
+      "Network log is too large. Use timeline_by_type with type 'api.response' for full data, or clear_timeline to reset and capture fewer events.")
   })
 
   mcp.registerResource("apps", "reactotron://apps", {
@@ -176,58 +191,53 @@ export function registerResources(
     description: "Performance benchmark results from connected apps, sorted by time. Each has title, steps, and durations.",
     mimeType: "application/json",
   }, async (uri) => {
+    const redactor = createRedactor(server, serverRedactionConfig)
     const meta = connectionMeta(server)
     const benchmarks = filterByClient(
       commandBuffer.filter((c) => c.type === "benchmark.report"),
       server
+    ).map((c) =>
+      redactor.redact({ date: c.date, clientId: c.clientId, ...c.payload }, c.clientId)
     )
-    return json(uri, {
-      _meta: meta,
-      benchmarks: benchmarks.map((c) => ({
-        date: c.date,
-        clientId: c.clientId,
-        ...c.payload,
-      })),
-    })
+    return json(uri, { _meta: meta, benchmarks })
   })
 
   mcp.registerResource("subscriptions", "reactotron://state/subscriptions", {
     description: "State subscription changes. Shows values at subscribed paths whenever they change. Use the subscribe_state tool to add subscriptions.",
     mimeType: "application/json",
   }, async (uri) => {
+    const redactor = createRedactor(server, serverRedactionConfig)
     const meta = connectionMeta(server)
     const changes = filterByClient(
       commandBuffer.filter((c) => c.type === "state.values.change"),
       server
+    ).map((c) =>
+      redactor.redact({ date: c.date, clientId: c.clientId, ...c.payload }, c.clientId)
     )
     return json(uri, {
       _meta: meta,
       activeSubscriptions: (server as any).subscriptions || [],
-      changes: changes.map((c) => ({
-        date: c.date,
-        clientId: c.clientId,
-        ...c.payload,
-      })),
-    }, "Subscription changes are too large. Consider unsubscribing from paths with large values, or use request_state with a specific path instead.")
+      changes,
+    },
+      "Subscription changes are too large. Consider unsubscribing from paths with large values, or use request_state with a specific path instead.")
   })
 
   mcp.registerResource("asyncstorage", "reactotron://asyncstorage", {
     description: "AsyncStorage mutations captured from the app. Shows setItem, removeItem, mergeItem, multiSet, multiRemove, multiMerge, and clear operations with their keys and values.",
     mimeType: "application/json",
   }, async (uri) => {
+    const redactor = createRedactor(server, serverRedactionConfig)
     const meta = connectionMeta(server)
     const mutations = filterByClient(
       commandBuffer.filter((c) => c.type === "asyncStorage.mutation"),
       server
-    )
-    return json(uri, {
-      _meta: meta,
-      mutations: mutations.map((c) => ({
-        date: c.date,
-        clientId: c.clientId,
-        action: c.payload?.action,
-        data: c.payload?.data,
-      })),
-    }, "AsyncStorage mutations are too large. Try clear_timeline to reset, then reproduce the specific interaction you want to inspect.")
+    ).map((c) => ({
+      date: c.date,
+      clientId: c.clientId,
+      action: c.payload?.action,
+      data: redactor.redactAsyncStorage(c.payload?.data, c.clientId),
+    }))
+    return json(uri, { _meta: meta, mutations },
+      "AsyncStorage mutations are too large. Try clear_timeline to reset, then reproduce the specific interaction you want to inspect.")
   })
 }
diff --git a/lib/reactotron-mcp/src/tools.ts b/lib/reactotron-mcp/src/tools.ts
index 90cc297d1..47afd5cc1 100644
--- a/lib/reactotron-mcp/src/tools.ts
+++ b/lib/reactotron-mcp/src/tools.ts
@@ -6,6 +6,7 @@ import { promises as fsPromises } from "fs"
 import { extname } from "path"
 
 import { MAX_RESPONSE_CHARS, safeSerialize } from "./serialization"
+import { createRedactor, type McpRedactionServerConfig } from "./redaction"
 
 /** Extract width/height from PNG or JPEG buffer */
 function getImageSize(buf: Buffer, ext: string): { width: number; height: number } | null {
@@ -68,7 +69,8 @@ function textResult(data: unknown, guidance?: string) {
 export function registerTools(
   mcp: McpServer,
   server: ReactotronServer,
-  commandBuffer: Command[]
+  commandBuffer: Command[],
+  serverRedactionConfig: McpRedactionServerConfig
 ) {
   mcp.registerTool("dispatch_action", {
     description: [
@@ -88,6 +90,8 @@ export function registerTools(
     const action = { type: args.actionType, payload: args.actionPayload }
     server.send("state.action.dispatch", { action }, clientId)
 
+    const redactor = createRedactor(server, serverRedactionConfig)
+
     // Poll for confirmation (state.action.complete)
     const start = Date.now()
     const startLen = commandBuffer.length
@@ -96,11 +100,11 @@ export function registerTools(
       for (let i = startLen; i < commandBuffer.length; i++) {
         const cmd = commandBuffer[i]
         if (cmd.type === "state.action.complete" && cmd.clientId === clientId) {
-          return textResult({ status: "dispatched", action, confirmed: true })
+          return textResult({ status: "dispatched", action: redactor.redact(action, clientId), confirmed: true })
         }
       }
     }
-    return textResult({ status: "dispatched", action, confirmed: false, note: "Action was sent but no confirmation received. The app may not have the Redux plugin configured." })
+    return textResult({ status: "dispatched", action: redactor.redact(action, clientId), confirmed: false, note: "Action was sent but no confirmation received. The app may not have the Redux plugin configured." })
   })
 
   mcp.registerTool("request_state", {
@@ -130,8 +134,11 @@ export function registerTools(
       for (let i = startLen; i < commandBuffer.length; i++) {
         const cmd = commandBuffer[i]
         if (cmd.type === "state.values.response" && cmd.clientId === clientId) {
+          const stateValue = cmd.payload?.value ?? cmd.payload
+          const redactor = createRedactor(server, serverRedactionConfig)
+          const redactedState = redactor.redactState(stateValue, clientId, path)
           return textResult(
-            { status: "success", state: cmd.payload?.value ?? cmd.payload },
+            { status: "success", state: redactedState },
             "State response is too large. Use request_state with a more specific path (e.g. 'user.profile') to narrow the response. Use request_state_keys to explore the state shape."
           )
         }
diff --git a/lib/reactotron-mcp/test/mcp-server.test.ts b/lib/reactotron-mcp/test/mcp-server.test.ts
index 4fbaffa2c..91e739179 100644
--- a/lib/reactotron-mcp/test/mcp-server.test.ts
+++ b/lib/reactotron-mcp/test/mcp-server.test.ts
@@ -702,3 +702,103 @@ describe("large response truncation", () => {
     }
   })
 })
+
+describe("per-client redaction across multiple connected apps", () => {
+  function connectAppWithConfig(
+    port: number,
+    name: string,
+    mcpRedaction: any
+  ): Promise<WebSocket> {
+    return new Promise((resolve) => {
+      const ws = new WebSocket(`ws://localhost:${port}`)
+      ws.on("open", () => {
+        ws.send(
+          JSON.stringify({
+            type: "client.intro",
+            payload: {
+              name,
+              platform: "ios",
+              platformVersion: "17.0",
+              clientId: `${name}-ios-test`,
+              mcpRedaction,
+            },
+          })
+        )
+        setTimeout(() => resolve(ws), 100)
+      })
+    })
+  }
+
+  test("each app's events are redacted with its own additionalRules", async () => {
+    // App A redacts "fooSecret"; App B redacts "barSecret". Each emits a log
+    // containing both keys. Verify cross-app rules don't leak: app A's log
+    // should still show "barSecret" (only fooSecret redacted), and vice versa.
+    const appA = await connectAppWithConfig(relayPort, "AppA", {
+      additionalRules: { sensitiveKeys: ["fooSecret"] },
+    })
+    const appB = await connectAppWithConfig(relayPort, "AppB", {
+      additionalRules: { sensitiveKeys: ["barSecret"] },
+    })
+
+    try {
+      const sensitivePayload = { fooSecret: "leak-foo", barSecret: "leak-bar", note: "hi" }
+      appA.send(JSON.stringify({ type: "log", payload: sensitivePayload }))
+      appB.send(JSON.stringify({ type: "log", payload: sensitivePayload }))
+      await new Promise((r) => setTimeout(r, 150))
+
+      const res = await mcpRequest(mcpPort, {
+        jsonrpc: "2.0",
+        method: "resources/read",
+        id: 100,
+        params: { uri: "reactotron://timeline/log" },
+      })
+      const result = parseSSE(res.body)
+      const data = JSON.parse(result.result.contents[0].text)
+
+      const appAEvent = data.events.find((e: any) => e.clientId === "AppA-ios-test")
+      const appBEvent = data.events.find((e: any) => e.clientId === "AppB-ios-test")
+      expect(appAEvent).toBeDefined()
+      expect(appBEvent).toBeDefined()
+
+      // App A: fooSecret redacted (its own rule), barSecret leaks through (not its rule)
+      expect(appAEvent.payload.fooSecret).toBe("[REDACTED]")
+      expect(appAEvent.payload.barSecret).toBe("leak-bar")
+
+      // App B: opposite
+      expect(appBEvent.payload.fooSecret).toBe("leak-foo")
+      expect(appBEvent.payload.barSecret).toBe("[REDACTED]")
+    } finally {
+      appA.close()
+      appB.close()
+    }
+  })
+
+  test("server defaults still apply per-event in multi-app mode", async () => {
+    // Without any per-client overrides, both apps' password fields must redact.
+    const appA = await connectMockApp(relayPort, "DefaultAppA")
+    const appB = await connectMockApp(relayPort, "DefaultAppB")
+
+    try {
+      appA.send(JSON.stringify({ type: "log", payload: { password: "pw-a", name: "alice" } }))
+      appB.send(JSON.stringify({ type: "log", payload: { password: "pw-b", name: "bob" } }))
+      await new Promise((r) => setTimeout(r, 150))
+
+      const res = await mcpRequest(mcpPort, {
+        jsonrpc: "2.0",
+        method: "resources/read",
+        id: 101,
+        params: { uri: "reactotron://timeline/log" },
+      })
+      const result = parseSSE(res.body)
+      const data = JSON.parse(result.result.contents[0].text)
+
+      const events = data.events.filter((e: any) => e.type === "log")
+      for (const ev of events) {
+        expect(ev.payload.password).toBe("[REDACTED]")
+      }
+    } finally {
+      appA.close()
+      appB.close()
+    }
+  })
+})
diff --git a/lib/reactotron-mcp/test/redaction-integration.test.ts b/lib/reactotron-mcp/test/redaction-integration.test.ts
new file mode 100644
index 000000000..44ffda9f4
--- /dev/null
+++ b/lib/reactotron-mcp/test/redaction-integration.test.ts
@@ -0,0 +1,339 @@
+/**
+ * Integration tests for redaction applied to typical MCP resource/tool data shapes.
+ * These test the full flow: resolveEffectiveRules → redact on real-world-like payloads.
+ */
+import {
+  redact,
+  resolveEffectiveRules,
+  DEFAULT_SERVER_CONFIG,
+  REDACTED,
+  type McpRedactionServerConfig,
+} from "../src/redaction"
+import type { McpRedactionConfig, McpRedactionRules } from "reactotron-core-contract"
+
+describe("redaction integration — network resource data", () => {
+  const serverConfig = DEFAULT_SERVER_CONFIG
+
+  test("redacts Authorization header in network entries", () => {
+    const networkData = {
+      _meta: { connection: "single_app" },
+      entries: [
+        {
+          messageId: 1,
+          date: "2024-01-01",
+          duration: 100,
+          request: {
+            method: "GET",
+            url: "/api/users",
+            headers: {
+              Authorization: "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0",
+              "Content-Type": "application/json",
+            },
+            data: null,
+          },
+          response: {
+            status: 200,
+            headers: {
+              "Set-Cookie": "session=abc123; HttpOnly",
+              "Content-Type": "application/json",
+            },
+            body: '{"users": []}',
+          },
+        },
+      ],
+    }
+
+    const rules = resolveEffectiveRules(serverConfig)!
+    const result = redact(networkData, rules) as any
+
+    expect(result.entries[0].request.headers.Authorization).toBe(REDACTED)
+    expect(result.entries[0].request.headers["Content-Type"]).toBe("application/json")
+    expect(result.entries[0].response.headers["Set-Cookie"]).toBe(REDACTED)
+    expect(result.entries[0].response.headers["Content-Type"]).toBe("application/json")
+    expect(result.entries[0].request.url).toBe("/api/users")
+  })
+
+  test("redacts x-api-key header", () => {
+    const data = {
+      entries: [{
+        request: {
+          headers: { "X-Api-Key": "my-secret-api-key-12345" },
+          url: "/api/data",
+        },
+      }],
+    }
+
+    const rules = resolveEffectiveRules(serverConfig)!
+    const result = redact(data, rules) as any
+    expect(result.entries[0].request.headers["X-Api-Key"]).toBe(REDACTED)
+    expect(result.entries[0].request.url).toBe("/api/data")
+  })
+})
+
+describe("redaction integration — state resource data", () => {
+  const serverConfig = DEFAULT_SERVER_CONFIG
+
+  test("redacts password fields in state", () => {
+    const stateData = {
+      _meta: { connection: "single_app" },
+      state: {
+        user: {
+          name: "Alice",
+          email: "alice@example.com",
+          password: "hunter2",
+          settings: {
+            api_key: "sk-abcdefghijklmnopqrstuvwxyz1234",
+          },
+        },
+        auth: {
+          access_token: "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0",
+          refresh_token: "rt_abc123",
+          isLoggedIn: true,
+        },
+      },
+    }
+
+    const rules = resolveEffectiveRules(serverConfig)!
+    const result = redact(stateData, rules) as any
+
+    expect(result.state.user.name).toBe("Alice")
+    expect(result.state.user.email).toBe("alice@example.com")
+    expect(result.state.user.password).toBe(REDACTED)
+    expect(result.state.user.settings.api_key).toBe(REDACTED)
+    expect(result.state.auth.access_token).toBe(REDACTED)
+    expect(result.state.auth.refresh_token).toBe(REDACTED)
+    expect(result.state.auth.isLoggedIn).toBe(true)
+  })
+
+  test("redacts JWT values in log messages", () => {
+    const data = {
+      events: [{
+        type: "log",
+        payloadPreview: "[info] User authenticated with token eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0 successfully",
+      }],
+    }
+
+    const rules = resolveEffectiveRules(serverConfig)!
+    const result = redact(data, rules) as any
+    expect(result.events[0].payloadPreview).not.toContain("eyJ")
+    expect(result.events[0].payloadPreview).toContain("successfully")
+  })
+})
+
+describe("redaction integration — asyncstorage resource data", () => {
+  test("redacts sensitive values in AsyncStorage mutations", () => {
+    const data = {
+      mutations: [
+        {
+          date: "2024-01-01",
+          action: "setItem",
+          data: { key: "auth_token", value: "ghp_abcdefghijklmnopqrstuvwxyz1234567890" },
+        },
+        {
+          date: "2024-01-01",
+          action: "setItem",
+          data: { key: "username", value: "alice" },
+        },
+        {
+          date: "2024-01-01",
+          action: "setItem",
+          data: { key: "credentials", value: { username: "alice", password: "hunter2" } },
+        },
+      ],
+    }
+
+    const rules = resolveEffectiveRules(DEFAULT_SERVER_CONFIG)!
+    const result = redact(data, rules) as any
+
+    // GitHub PAT should be redacted by value pattern
+    expect(result.mutations[0].data.value).toBe(REDACTED)
+    // Plain username should not be redacted
+    expect(result.mutations[1].data.value).toBe("alice")
+    // credentials key should be redacted entirely
+    expect(result.mutations[2].data.key).toBe("credentials")
+    // The value under "credentials" key is redacted by sensitiveKeys
+    // Note: "credentials" is in sensitiveKeys, but it's a key name on the `data` object level
+    // The object has key "credentials" at mutations[2].data which maps to the nested object
+  })
+})
+
+describe("redaction integration — tool response data", () => {
+  test("redacts state in request_state tool response shape", () => {
+    const toolResponse = {
+      status: "success",
+      state: {
+        users: {
+          currentUser: {
+            name: "Alice",
+            accessToken: "sk-abcdefghijklmnopqrstuvwxyz",
+            private_key: "-----BEGIN RSA PRIVATE KEY-----",
+          },
+        },
+      },
+    }
+
+    const rules = resolveEffectiveRules(DEFAULT_SERVER_CONFIG)!
+    const result = redact(toolResponse, rules) as any
+
+    expect(result.state.users.currentUser.name).toBe("Alice")
+    expect(result.state.users.currentUser.accessToken).toBe(REDACTED)
+    expect(result.state.users.currentUser.private_key).toBe(REDACTED)
+  })
+
+  test("redacts action payload in dispatch_action tool response shape", () => {
+    const toolResponse = {
+      status: "dispatched",
+      action: {
+        type: "auth/login",
+        payload: {
+          username: "alice",
+          password: "hunter2",
+          apiKey: "sk-abcdefghijklmnopqrstuvwxyz",
+        },
+      },
+      confirmed: true,
+    }
+
+    const rules = resolveEffectiveRules(DEFAULT_SERVER_CONFIG)!
+    const result = redact(toolResponse, rules) as any
+
+    expect(result.action.type).toBe("auth/login")
+    expect(result.action.payload.username).toBe("alice")
+    expect(result.action.payload.password).toBe(REDACTED)
+    expect(result.action.payload.apiKey).toBe(REDACTED)
+  })
+})
+
+describe("redaction integration — client config merging", () => {
+  test("client additional rules are merged with server defaults", () => {
+    const clientConfig: McpRedactionConfig = {
+      additionalRules: {
+        sensitiveKeys: ["myCustomField", "internalId", "x-internal-auth"],
+      },
+    }
+
+    const rules = resolveEffectiveRules(DEFAULT_SERVER_CONFIG, clientConfig)!
+
+    // Server defaults still present
+    expect(rules.sensitiveKeys).toContain("password")
+    expect(rules.sensitiveKeys).toContain("authorization")
+    // Client additions present
+    expect(rules.sensitiveKeys).toContain("myCustomField")
+    expect(rules.sensitiveKeys).toContain("internalId")
+    expect(rules.sensitiveKeys).toContain("x-internal-auth")
+
+    // Verify it actually redacts the custom fields
+    const data = {
+      user: { name: "alice", myCustomField: "secret-data", password: "hunter2" },
+      request: {
+        headers: {
+          "x-internal-auth": "token-123",
+          Authorization: "Bearer abc",
+          "Content-Type": "application/json",
+        },
+      },
+    }
+    const result = redact(data, rules) as any
+    expect(result.user.myCustomField).toBe(REDACTED)
+    expect(result.user.password).toBe(REDACTED)
+    expect(result.user.name).toBe("alice")
+    expect(result.request.headers["x-internal-auth"]).toBe(REDACTED)
+    expect(result.request.headers.Authorization).toBe(REDACTED)
+    expect(result.request.headers["Content-Type"]).toBe("application/json")
+  })
+
+  test("client disable is blocked by default server config", () => {
+    const clientConfig: McpRedactionConfig = { disableRedaction: true }
+    const rules = resolveEffectiveRules(DEFAULT_SERVER_CONFIG, clientConfig)
+
+    // Should NOT be null — server blocks disable
+    expect(rules).not.toBeNull()
+    expect(rules!.sensitiveKeys).toContain("password")
+  })
+
+  test("client disable is honored when server allows", () => {
+    const serverConfig: McpRedactionServerConfig = {
+      ...DEFAULT_SERVER_CONFIG,
+      allowClientDisable: true,
+    }
+    const clientConfig: McpRedactionConfig = { disableRedaction: true }
+    const rules = resolveEffectiveRules(serverConfig, clientConfig)
+
+    expect(rules).toBeNull()
+  })
+
+  test("client remove rules blocked by default", () => {
+    const clientConfig: McpRedactionConfig = {
+      removeRules: { sensitiveKeys: ["authorization"] },
+    }
+    const rules = resolveEffectiveRules(DEFAULT_SERVER_CONFIG, clientConfig)!
+    expect(rules.sensitiveKeys).toContain("authorization")
+  })
+
+  test("client remove rules honored when server allows", () => {
+    const serverConfig: McpRedactionServerConfig = {
+      ...DEFAULT_SERVER_CONFIG,
+      allowClientRemoveRules: true,
+    }
+    const clientConfig: McpRedactionConfig = {
+      removeRules: { sensitiveKeys: ["authorization"] },
+    }
+    const rules = resolveEffectiveRules(serverConfig, clientConfig)!
+    expect(rules.sensitiveKeys).not.toContain("authorization")
+    expect(rules.sensitiveKeys).toContain("cookie") // other defaults intact
+  })
+})
+
+describe("redaction integration — state path patterns with real state shapes", () => {
+  test("wildcard path redacts all children of a state subtree", () => {
+    const serverConfig: McpRedactionServerConfig = {
+      ...DEFAULT_SERVER_CONFIG,
+      defaults: {
+        ...DEFAULT_SERVER_CONFIG.defaults,
+        statePathPatterns: ["auth.tokens.*"],
+      },
+    }
+    const rules = resolveEffectiveRules(serverConfig)!
+
+    const state = {
+      auth: {
+        tokens: {
+          access: "abc123",
+          refresh: "def456",
+          idToken: "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0",
+        },
+        isAuthenticated: true,
+      },
+      user: { name: "Alice" },
+    }
+
+    const result = redact(state, rules) as any
+    expect(result.auth.tokens.access).toBe(REDACTED)
+    expect(result.auth.tokens.refresh).toBe(REDACTED)
+    expect(result.auth.tokens.idToken).toBe(REDACTED)
+    expect(result.auth.isAuthenticated).toBe(true)
+    expect(result.user.name).toBe("Alice")
+  })
+
+  test("exact path redacts specific state key", () => {
+    const serverConfig: McpRedactionServerConfig = {
+      ...DEFAULT_SERVER_CONFIG,
+      defaults: {
+        ...DEFAULT_SERVER_CONFIG.defaults,
+        statePathPatterns: ["config.apiSecret"],
+      },
+    }
+    const rules = resolveEffectiveRules(serverConfig)!
+
+    const state = {
+      config: {
+        apiSecret: "my-secret-value",
+        apiUrl: "https://api.example.com",
+      },
+    }
+
+    const result = redact(state, rules) as any
+    expect(result.config.apiSecret).toBe(REDACTED)
+    expect(result.config.apiUrl).toBe("https://api.example.com")
+  })
+})
diff --git a/lib/reactotron-mcp/test/redaction.test.ts b/lib/reactotron-mcp/test/redaction.test.ts
new file mode 100644
index 000000000..feb5eb2d8
--- /dev/null
+++ b/lib/reactotron-mcp/test/redaction.test.ts
@@ -0,0 +1,828 @@
+import {
+  redact,
+  redactAsyncStorageData,
+  resolveEffectiveRules,
+  createRedactor,
+  DEFAULT_REDACTION_RULES,
+  DEFAULT_SERVER_CONFIG,
+  REDACTED,
+  type McpRedactionServerConfig,
+} from "../src/redaction"
+import type { McpRedactionRules, McpRedactionConfig } from "reactotron-core-contract"
+
+describe("redact()", () => {
+  const rules: McpRedactionRules = {
+    sensitiveKeys: ["password", "secret", "api_key", "authorization", "cookie"],
+    statePathPatterns: ["auth.tokens.*", "user.ssn"],
+    valuePatterns: [
+      "Bearer\\s+[A-Za-z0-9\\-._~+/]+=*",
+      "eyJ[A-Za-z0-9_-]{10,}\\.[A-Za-z0-9_-]{10,}",
+    ],
+  }
+
+  test("redacts sensitive key names (case-insensitive)", () => {
+    const data = { username: "alice", Password: "s3cret", SECRET: "abc" }
+    const result = redact(data, rules) as any
+    expect(result.username).toBe("alice")
+    expect(result.Password).toBe(REDACTED)
+    expect(result.SECRET).toBe(REDACTED)
+  })
+
+  test("redacts nested sensitive keys", () => {
+    const data = { user: { name: "alice", password: "s3cret" } }
+    const result = redact(data, rules) as any
+    expect(result.user.name).toBe("alice")
+    expect(result.user.password).toBe(REDACTED)
+  })
+
+  test("redacts header names in objects under 'headers' keys", () => {
+    const data = {
+      request: {
+        url: "/api/data",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: "Bearer abc123",
+          Cookie: "session=xyz",
+        },
+      },
+    }
+    const result = redact(data, rules) as any
+    expect(result.request.headers["Content-Type"]).toBe("application/json")
+    expect(result.request.headers.Authorization).toBe(REDACTED)
+    expect(result.request.headers.Cookie).toBe(REDACTED)
+  })
+
+  test("redacts header names anywhere they appear, not just under 'headers' keys", () => {
+    // Real-world leak path: redux state caches an API response under a non-canonical
+    // key (requestHeaders / lastResponse / etc.) — header-name rules must still fire,
+    // because Cookie values like "session=xyz" don't match any default value pattern.
+    const data = {
+      lastResponse: {
+        requestHeaders: {
+          Authorization: "Bearer abc123",
+          Cookie: "session=xyz",
+          "Content-Type": "application/json",
+        },
+      },
+    }
+    const result = redact(data, rules) as any
+    expect(result.lastResponse.requestHeaders.Authorization).toBe(REDACTED)
+    expect(result.lastResponse.requestHeaders.Cookie).toBe(REDACTED)
+    expect(result.lastResponse.requestHeaders["Content-Type"]).toBe("application/json")
+  })
+
+  test("redacts a Set-Cookie array value (not just string)", () => {
+    // Pre-unification regression: when headers had a separate code path, only
+    // string values got redacted — an array of cookies under Set-Cookie slipped
+    // through. Universal-key matching now drops the whole value at the key.
+    const data = {
+      headers: {
+        "Set-Cookie": ["session=xyz; HttpOnly", "remember=1"],
+      },
+    }
+    const setCookieRules: McpRedactionRules = {
+      sensitiveKeys: ["set-cookie"],
+      valuePatterns: [],
+    }
+    const result = redact(data, setCookieRules) as any
+    expect(result.headers["Set-Cookie"]).toBe(REDACTED)
+  })
+
+  test("redacts values matching value patterns", () => {
+    const data = {
+      message: "Token is Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0 and more",
+    }
+    const result = redact(data, rules) as any
+    expect(result.message).not.toContain("Bearer")
+    expect(result.message).toContain(REDACTED)
+    expect(result.message).toContain("and more")
+  })
+
+  test("redacts JWT-like values", () => {
+    const jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0"
+    const data = { token: jwt, label: "test" }
+    const result = redact(data, rules) as any
+    expect(result.token).toBe(REDACTED)
+    expect(result.label).toBe("test")
+  })
+
+  test("redacts state paths matching patterns", () => {
+    const data = {
+      auth: {
+        tokens: {
+          access: "abc",
+          refresh: "def",
+        },
+        username: "alice",
+      },
+      user: {
+        ssn: "123-45-6789",
+        name: "Alice",
+      },
+    }
+    const result = redact(data, rules) as any
+    expect(result.auth.tokens.access).toBe(REDACTED)
+    expect(result.auth.tokens.refresh).toBe(REDACTED)
+    expect(result.auth.username).toBe("alice")
+    expect(result.user.ssn).toBe(REDACTED)
+    expect(result.user.name).toBe("Alice")
+  })
+
+  test("handles null and undefined values", () => {
+    expect(redact(null, rules)).toBeNull()
+    expect(redact(undefined, rules)).toBeUndefined()
+    const data = { key: null, other: undefined, password: "secret" }
+    const result = redact(data, rules) as any
+    expect(result.key).toBeNull()
+    expect(result.other).toBeUndefined()
+    expect(result.password).toBe(REDACTED)
+  })
+
+  test("handles arrays", () => {
+    const data = [
+      { password: "s3cret", name: "alice" },
+      { password: "p4ss", name: "bob" },
+    ]
+    const result = redact(data, rules) as any[]
+    expect(result[0].password).toBe(REDACTED)
+    expect(result[0].name).toBe("alice")
+    expect(result[1].password).toBe(REDACTED)
+    expect(result[1].name).toBe("bob")
+  })
+
+  test("handles circular references", () => {
+    const data: any = { name: "alice", password: "secret" }
+    data.self = data
+    const result = redact(data, rules) as any
+    expect(result.name).toBe("alice")
+    expect(result.password).toBe(REDACTED)
+    expect(result.self._circular).toBe(REDACTED)
+  })
+
+  test("handles primitives (string, number, boolean)", () => {
+    expect(redact(42, rules)).toBe(42)
+    expect(redact(true, rules)).toBe(true)
+    expect(redact("plain text", rules)).toBe("plain text")
+  })
+
+  test("applies value pattern matching to non-header string values", () => {
+    const data = { log: "Got Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0 from server" }
+    const result = redact(data, rules) as any
+    expect(result.log).not.toContain("Bearer")
+    expect(result.log).toContain("from server")
+  })
+
+  test("redacts sensitive query parameters in URLs", () => {
+    const rulesWithKey: McpRedactionRules = {
+      ...rules,
+      sensitiveKeys: [...(rules.sensitiveKeys ?? []), "key", "token"],
+    }
+    const data = {
+      request: {
+        url: "https://api.example.com/games?key=14e7149770cd4fdf&other=visible",
+      },
+    }
+    const result = redact(data, rulesWithKey) as any
+    expect(result.request.url).toBe(`https://api.example.com/games?key=${REDACTED}&other=visible`)
+  })
+
+  test("redacts multiple sensitive query parameters", () => {
+    const rulesWithKey: McpRedactionRules = {
+      ...rules,
+      sensitiveKeys: [...(rules.sensitiveKeys ?? []), "key", "token"],
+    }
+    const data = { url: "https://api.example.com/data?key=abc&token=xyz&page=1" }
+    const result = redact(data, rulesWithKey) as any
+    expect(result.url).toBe(`https://api.example.com/data?key=${REDACTED}&token=${REDACTED}&page=1`)
+  })
+
+  test("does not redact query params when no sensitiveKeys match", () => {
+    const data = { url: "https://api.example.com/data?page=1&limit=10" }
+    const result = redact(data, rules) as any
+    expect(result.url).toBe("https://api.example.com/data?page=1&limit=10")
+  })
+
+  test("does not redact non-matching keys or values", () => {
+    const data = { username: "alice", email: "alice@example.com", count: 42 }
+    const result = redact(data, rules) as any
+    expect(result).toEqual(data)
+  })
+
+  test("redacts api_key with underscore style", () => {
+    const data = { api_key: "sk-abc123", name: "test" }
+    const result = redact(data, rules) as any
+    expect(result.api_key).toBe(REDACTED)
+    expect(result.name).toBe("test")
+  })
+
+  test("returns empty rules when no rules match", () => {
+    const emptyRules: McpRedactionRules = {
+      sensitiveKeys: [],
+      statePathPatterns: [],
+      valuePatterns: [],
+    }
+    const data = { password: "secret", headers: { Authorization: "Bearer xyz" } }
+    const result = redact(data, emptyRules) as any
+    expect(result.password).toBe("secret")
+    expect(result.headers.Authorization).toBe("Bearer xyz")
+  })
+
+  test("arrays inside objects with sensitive values", () => {
+    const data = {
+      users: [
+        { name: "alice", password: "s1" },
+        { name: "bob", secret: "s2" },
+      ],
+    }
+    const result = redact(data, rules) as any
+    expect(result.users[0].password).toBe(REDACTED)
+    expect(result.users[1].secret).toBe(REDACTED)
+  })
+})
+
+describe("resolveEffectiveRules()", () => {
+  test("returns server defaults when no client config", () => {
+    const result = resolveEffectiveRules(DEFAULT_SERVER_CONFIG)
+    expect(result).toEqual(DEFAULT_SERVER_CONFIG.defaults)
+  })
+
+  test("returns server defaults when client config is empty", () => {
+    const result = resolveEffectiveRules(DEFAULT_SERVER_CONFIG, {})
+    expect(result).toEqual(DEFAULT_SERVER_CONFIG.defaults)
+  })
+
+  test("merges additional rules from client", () => {
+    const clientConfig: McpRedactionConfig = {
+      additionalRules: {
+        sensitiveKeys: ["myCustomField", "x-custom-auth"],
+      },
+    }
+    const result = resolveEffectiveRules(DEFAULT_SERVER_CONFIG, clientConfig)!
+    expect(result.sensitiveKeys).toContain("myCustomField")
+    expect(result.sensitiveKeys).toContain("x-custom-auth")
+    expect(result.sensitiveKeys).toContain("password") // default still present
+    expect(result.sensitiveKeys).toContain("authorization") // default header still present
+  })
+
+  test("ignores removeRules when server disallows", () => {
+    const clientConfig: McpRedactionConfig = {
+      removeRules: {
+        sensitiveKeys: ["authorization"],
+      },
+    }
+    const result = resolveEffectiveRules(DEFAULT_SERVER_CONFIG, clientConfig)!
+    expect(result.sensitiveKeys).toContain("authorization")
+  })
+
+  test("honors removeRules when server allows", () => {
+    const serverConfig: McpRedactionServerConfig = {
+      ...DEFAULT_SERVER_CONFIG,
+      allowClientRemoveRules: true,
+    }
+    const clientConfig: McpRedactionConfig = {
+      removeRules: {
+        sensitiveKeys: ["authorization"],
+      },
+    }
+    const result = resolveEffectiveRules(serverConfig, clientConfig)!
+    expect(result.sensitiveKeys).not.toContain("authorization")
+    // Other defaults should remain
+    expect(result.sensitiveKeys).toContain("cookie")
+  })
+
+  test("ignores disableRedaction when server disallows", () => {
+    const clientConfig: McpRedactionConfig = {
+      disableRedaction: true,
+    }
+    const result = resolveEffectiveRules(DEFAULT_SERVER_CONFIG, clientConfig)
+    expect(result).toEqual(DEFAULT_SERVER_CONFIG.defaults)
+  })
+
+  test("returns null when disableRedaction is true and server allows", () => {
+    const serverConfig: McpRedactionServerConfig = {
+      ...DEFAULT_SERVER_CONFIG,
+      allowClientDisable: true,
+    }
+    const clientConfig: McpRedactionConfig = {
+      disableRedaction: true,
+    }
+    const result = resolveEffectiveRules(serverConfig, clientConfig)
+    expect(result).toBeNull()
+  })
+
+  test("removeRules and additionalRules can be combined", () => {
+    const serverConfig: McpRedactionServerConfig = {
+      ...DEFAULT_SERVER_CONFIG,
+      allowClientRemoveRules: true,
+    }
+    const clientConfig: McpRedactionConfig = {
+      removeRules: {
+        sensitiveKeys: ["password"],
+      },
+      additionalRules: {
+        sensitiveKeys: ["mySecret"],
+      },
+    }
+    const result = resolveEffectiveRules(serverConfig, clientConfig)!
+    expect(result.sensitiveKeys).not.toContain("password")
+    expect(result.sensitiveKeys).toContain("mySecret")
+    expect(result.sensitiveKeys).toContain("secret") // other defaults intact
+  })
+
+  test("removeRules are case-insensitive", () => {
+    const serverConfig: McpRedactionServerConfig = {
+      ...DEFAULT_SERVER_CONFIG,
+      allowClientRemoveRules: true,
+    }
+    const clientConfig: McpRedactionConfig = {
+      removeRules: {
+        sensitiveKeys: ["AUTHORIZATION", "PASSWORD"],
+      },
+    }
+    const result = resolveEffectiveRules(serverConfig, clientConfig)!
+    expect(result.sensitiveKeys).not.toContain("authorization")
+    expect(result.sensitiveKeys).not.toContain("password")
+  })
+})
+
+describe("DEFAULT_REDACTION_RULES", () => {
+  test("has expected default HTTP header names in sensitiveKeys", () => {
+    const keys = DEFAULT_REDACTION_RULES.sensitiveKeys ?? []
+    expect(keys).toContain("authorization")
+    expect(keys).toContain("cookie")
+    expect(keys).toContain("set-cookie")
+    expect(keys).toContain("x-api-key")
+  })
+
+  test("includes CSRF/XSRF header variants", () => {
+    const keys = DEFAULT_REDACTION_RULES.sensitiveKeys ?? []
+    expect(keys).toContain("x-csrf-token")
+    expect(keys).toContain("x-xsrf-token")
+    expect(keys).toContain("csrf-token")
+  })
+
+  test("includes IP-forwarding PII headers", () => {
+    const keys = DEFAULT_REDACTION_RULES.sensitiveKeys ?? []
+    expect(keys).toContain("x-forwarded-for")
+    expect(keys).toContain("x-real-ip")
+  })
+
+  test("has expected default sensitive keys", () => {
+    expect(DEFAULT_REDACTION_RULES.sensitiveKeys).toContain("password")
+    expect(DEFAULT_REDACTION_RULES.sensitiveKeys).toContain("secret")
+    expect(DEFAULT_REDACTION_RULES.sensitiveKeys).toContain("access_token")
+  })
+
+  test("includes common auth-token key variants", () => {
+    const keys = DEFAULT_REDACTION_RULES.sensitiveKeys ?? []
+    expect(keys).toContain("token")
+    expect(keys).toContain("bearer")
+    expect(keys).toContain("jwt")
+    expect(keys).toContain("id_token")
+    expect(keys).toContain("idtoken")
+  })
+
+  test("includes session and CSRF key variants", () => {
+    const keys = DEFAULT_REDACTION_RULES.sensitiveKeys ?? []
+    expect(keys).toContain("session")
+    expect(keys).toContain("sessionid")
+    expect(keys).toContain("csrf")
+    expect(keys).toContain("xsrf")
+  })
+
+  test("includes password aliases", () => {
+    const keys = DEFAULT_REDACTION_RULES.sensitiveKeys ?? []
+    expect(keys).toContain("passwd")
+    expect(keys).toContain("pwd")
+  })
+
+  test("includes OAuth client_secret variants", () => {
+    const keys = DEFAULT_REDACTION_RULES.sensitiveKeys ?? []
+    expect(keys).toContain("client_secret")
+    expect(keys).toContain("clientsecret")
+  })
+
+  test("value patterns match common token formats", () => {
+    const rules: McpRedactionRules = { valuePatterns: DEFAULT_REDACTION_RULES.valuePatterns }
+
+    // Bearer token
+    const bearerResult = redact("Bearer abc123def456", rules)
+    expect(bearerResult).toBe(REDACTED)
+
+    // OpenAI key
+    const openaiResult = redact("sk-abcdefghijklmnopqrstuvwxyz", rules)
+    expect(openaiResult).toBe(REDACTED)
+
+    // GitHub PAT
+    const ghpResult = redact("ghp_abcdefghijklmnopqrstuvwxyz1234567", rules)
+    expect(ghpResult).toBe(REDACTED)
+
+    // Slack token
+    const slackResult = redact("xoxb-abc123-def456-ghi789", rules)
+    expect(slackResult).toBe(REDACTED)
+
+    // Non-matching string
+    const plainResult = redact("hello world", rules)
+    expect(plainResult).toBe("hello world")
+  })
+
+  test("value patterns match Anthropic API keys", () => {
+    const rules: McpRedactionRules = { valuePatterns: DEFAULT_REDACTION_RULES.valuePatterns }
+    // Built at runtime so GitHub secret scanning doesn't flag the test file.
+    const fakeKey = ["sk", "ant"].join("-") + "-" + "x".repeat(32)
+    expect(redact(fakeKey, rules)).toBe(REDACTED)
+  })
+
+  test("value patterns match AWS access key IDs", () => {
+    const rules: McpRedactionRules = { valuePatterns: DEFAULT_REDACTION_RULES.valuePatterns }
+    const fakeKey = "AKI" + "A" + "X".repeat(16)
+    expect(redact(fakeKey, rules)).toBe(REDACTED)
+  })
+
+  test("value patterns match Google API keys", () => {
+    const rules: McpRedactionRules = { valuePatterns: DEFAULT_REDACTION_RULES.valuePatterns }
+    // Google API keys are 39 chars: prefix + 35 more.
+    const fakeKey = "AIz" + "a" + "X".repeat(35)
+    expect(redact(fakeKey, rules)).toBe(REDACTED)
+  })
+
+  test("value patterns match Stripe keys", () => {
+    const rules: McpRedactionRules = { valuePatterns: DEFAULT_REDACTION_RULES.valuePatterns }
+    const body = "X".repeat(28)
+    expect(redact(["sk", "live", body].join("_"), rules)).toBe(REDACTED)
+    expect(redact(["pk", "test", body].join("_"), rules)).toBe(REDACTED)
+    expect(redact(["rk", "live", body].join("_"), rules)).toBe(REDACTED)
+  })
+
+  test("value patterns match PEM private key blocks", () => {
+    const rules: McpRedactionRules = { valuePatterns: DEFAULT_REDACTION_RULES.valuePatterns }
+    const pem = "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA...\n-----END RSA PRIVATE KEY-----"
+    const result = redact(pem, rules)
+    expect(result).toBe(REDACTED)
+
+    const openssh = "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjE=\n-----END OPENSSH PRIVATE KEY-----"
+    expect(redact(openssh, rules)).toBe(REDACTED)
+
+    const generic = "-----BEGIN PRIVATE KEY-----\nMIIEv...\n-----END PRIVATE KEY-----"
+    expect(redact(generic, rules)).toBe(REDACTED)
+  })
+
+  test("GitHub PAT pattern covers all prefix variants", () => {
+    const rules: McpRedactionRules = { valuePatterns: DEFAULT_REDACTION_RULES.valuePatterns }
+    // Built at runtime so GitHub secret scanning doesn't flag the test file.
+    const body = "X".repeat(36)
+    for (const prefix of ["ghp", "ghs", "gho", "ghu", "ghr"]) {
+      expect(redact(`${prefix}_${body}`, rules)).toBe(REDACTED)
+    }
+  })
+})
+
+describe("form-urlencoded body redaction", () => {
+  test("redacts sensitive values in form-encoded body strings", () => {
+    const rules: McpRedactionRules = {
+      sensitiveKeys: ["password", "token"],
+      valuePatterns: [],
+    }
+    const body = "username=alice&password=s3cret&token=abc123&remember=1"
+    const result = redact(body, rules)
+    expect(result).toBe(`username=alice&password=${REDACTED}&token=${REDACTED}&remember=1`)
+  })
+
+  test("redacts form-encoded inside a request.data string", () => {
+    const rules: McpRedactionRules = {
+      sensitiveKeys: ["password"],
+      valuePatterns: [],
+    }
+    const data = {
+      request: {
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        data: "user=alice&password=hunter2",
+      },
+    }
+    const result = redact(data, rules) as any
+    expect(result.request.data).toBe(`user=alice&password=${REDACTED}`)
+  })
+
+  test("does not false-positive on casual strings with '=' ", () => {
+    const rules: McpRedactionRules = {
+      sensitiveKeys: ["password"],
+      valuePatterns: [],
+    }
+    // Must NOT be treated as form-encoded — it's just prose with an equals sign.
+    const data = { note: "The setting x=5 was applied, and the count is 3" }
+    const result = redact(data, rules) as any
+    expect(result.note).toBe("The setting x=5 was applied, and the count is 3")
+  })
+
+  test("does not alter form-encoded strings when no sensitive key matches", () => {
+    const rules: McpRedactionRules = {
+      sensitiveKeys: ["password"],
+      valuePatterns: [],
+    }
+    const body = "page=1&limit=10&sort=desc"
+    expect(redact(body, rules)).toBe(body)
+  })
+
+  test("URL with query params still uses URL path, not form-encoded path", () => {
+    // Regression guard: a string containing '?' should go through the URL branch,
+    // not the form-encoded branch.
+    const rules: McpRedactionRules = {
+      sensitiveKeys: ["token"],
+      valuePatterns: [],
+    }
+    const url = "https://api.example.com/x?token=abc&page=1"
+    expect(redact(url, rules)).toBe(`https://api.example.com/x?token=${REDACTED}&page=1`)
+  })
+
+  test("handles bracketed and percent-encoded keys", () => {
+    const rules: McpRedactionRules = {
+      sensitiveKeys: ["password"],
+      valuePatterns: [],
+    }
+    const body = "user[name]=alice&password=hunter2"
+    const result = redact(body, rules)
+    expect(result).toBe(`user[name]=alice&password=${REDACTED}`)
+  })
+
+  test("handles plus-encoded values (form spaces)", () => {
+    // Form bodies frequently use + for spaces in values, e.g. "name=Alice+Smith".
+    // Pre-fix the key char class excluded +, so a key like "x+1" would skip the
+    // form-encoded path entirely. Values with + always worked because [^&]* was permissive.
+    const rules: McpRedactionRules = {
+      sensitiveKeys: ["password"],
+      valuePatterns: [],
+    }
+    expect(redact("name=Alice+Smith&password=hunter2", rules))
+      .toBe(`name=Alice+Smith&password=${REDACTED}`)
+    // Key with +
+    expect(redact("a+b=1&password=hunter2", rules))
+      .toBe(`a+b=1&password=${REDACTED}`)
+  })
+})
+
+describe("JSON string body redaction", () => {
+  const rules: McpRedactionRules = {
+    sensitiveKeys: ["password", "api_key", "accessToken"],
+    valuePatterns: ["sk-[a-zA-Z0-9_-]{20,}"],
+  }
+
+  test("redacts sensitive keys inside JSON-stringified request body", () => {
+    const body = JSON.stringify({ password: "hunter2", api_key: "x", username: "alice" })
+    const result = redact(body, rules) as string
+    const parsed = JSON.parse(result)
+    expect(parsed.password).toBe(REDACTED)
+    expect(parsed.api_key).toBe(REDACTED)
+    expect(parsed.username).toBe("alice")
+  })
+
+  test("redacts sensitive keys in nested JSON string body", () => {
+    const data = {
+      request: {
+        data: JSON.stringify({ password: "hunter2", accessToken: "y", note: "hello" }),
+      },
+    }
+    const result = redact(data, rules) as any
+    const parsed = JSON.parse(result.request.data)
+    expect(parsed.password).toBe(REDACTED)
+    expect(parsed.accessToken).toBe(REDACTED)
+    expect(parsed.note).toBe("hello")
+  })
+
+  test("applies value patterns inside JSON string bodies", () => {
+    const body = JSON.stringify({ note: "embedded sk-ABCDEFGHIJKLMNOPQRSTUVWX" })
+    const result = redact(body, rules) as string
+    const parsed = JSON.parse(result)
+    expect(parsed.note).toContain(REDACTED)
+    expect(parsed.note).not.toContain("sk-ABCDE")
+  })
+
+  test("falls through to value patterns when string is not valid JSON", () => {
+    const value = "{not valid json sk-ABCDEFGHIJKLMNOPQRSTUVWX"
+    const result = redact(value, rules) as string
+    expect(result).toContain(REDACTED)
+    expect(result).not.toContain("sk-ABCDE")
+  })
+
+  test("handles JSON array strings", () => {
+    const body = JSON.stringify([{ password: "s1" }, { api_key: "s2" }])
+    const result = redact(body, rules) as string
+    const parsed = JSON.parse(result)
+    expect(parsed[0].password).toBe(REDACTED)
+    expect(parsed[1].api_key).toBe(REDACTED)
+  })
+
+  test("does not alter non-JSON strings that happen to start with {", () => {
+    // Not valid JSON — should fall through
+    const value = "{this is not json}"
+    const result = redact(value, rules)
+    expect(result).toBe("{this is not json}")
+  })
+})
+
+describe("redact() with basePath for subtree requests", () => {
+  const rules: McpRedactionRules = {
+    sensitiveKeys: [],
+    statePathPatterns: ["redactionTest.auth.tokens.*"],
+    valuePatterns: [],
+  }
+
+  test("absolute state path patterns match when basePath is provided", () => {
+    // Simulates request_state({ path: "redactionTest.auth" }) returning a subtree
+    const subtree = {
+      username: "alice",
+      tokens: { access: "raw-access", refresh: "raw-refresh" },
+    }
+    const result = redact(subtree, rules, "redactionTest.auth") as any
+    expect(result.username).toBe("alice")
+    expect(result.tokens.access).toBe(REDACTED)
+    expect(result.tokens.refresh).toBe(REDACTED)
+  })
+
+  test("patterns still work without basePath (full tree)", () => {
+    const fullTree = {
+      redactionTest: {
+        auth: {
+          username: "alice",
+          tokens: { access: "raw-access", refresh: "raw-refresh" },
+        },
+      },
+    }
+    const result = redact(fullTree, rules) as any
+    expect(result.redactionTest.auth.username).toBe("alice")
+    expect(result.redactionTest.auth.tokens.access).toBe(REDACTED)
+    expect(result.redactionTest.auth.tokens.refresh).toBe(REDACTED)
+  })
+
+  test("basePath does not cause false positives", () => {
+    const subtree = { name: "alice", email: "alice@example.com" }
+    const result = redact(subtree, rules, "redactionTest.auth") as any
+    expect(result.name).toBe("alice")
+    expect(result.email).toBe("alice@example.com")
+  })
+})
+
+describe("redactAsyncStorageData()", () => {
+  const rules: McpRedactionRules = {
+    sensitiveKeys: ["password", "api_key", "accessToken"],
+    valuePatterns: ["Bearer\\s+[A-Za-z0-9\\-._~+/]+=*"],
+  }
+
+  describe("setItem / mergeItem", () => {
+    test("redacts value when storage key carries a sensitive segment", () => {
+      const data = { key: "auth:password", value: "hunter2" }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.value).toBe(REDACTED)
+    })
+
+    test("redacts JSON string values when storage key is not sensitive", () => {
+      const jsonValue = JSON.stringify({ password: "hunter2", name: "alice" })
+      const data = { key: "cached:data", value: jsonValue }
+      const result = redactAsyncStorageData(data, rules) as any
+      const parsed = JSON.parse(result.value)
+      expect(parsed.password).toBe(REDACTED)
+      expect(parsed.name).toBe("alice")
+    })
+  })
+
+  describe("multiSet / multiMerge", () => {
+    test("redacts values when storage key carries a sensitive segment (colon)", () => {
+      const data = {
+        pairs: [
+          ["auth:password", "hunter2"],
+          ["auth:api_key", "leaked-api-key"],
+          ["settings:theme", "dark"],
+        ],
+      }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.pairs[0]).toEqual(["auth:password", REDACTED])
+      expect(result.pairs[1]).toEqual(["auth:api_key", REDACTED])
+      expect(result.pairs[2]).toEqual(["settings:theme", "dark"])
+    })
+
+    test("redacts when storage key uses dot separator", () => {
+      const data = { pairs: [["user.accessToken", "secret-token"]] }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.pairs[0][1]).toBe(REDACTED)
+    })
+
+    test("redacts when storage key uses slash separator", () => {
+      const data = { pairs: [["auth/password", "hunter2"]] }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.pairs[0][1]).toBe(REDACTED)
+    })
+
+    test("redacts when storage key contains sensitive key as substring", () => {
+      const data = {
+        pairs: [
+          ["auth_password", "hunter2"],
+          ["persist:api_key", "leaked"],
+          ["myAccessToken", "secret"],
+        ],
+      }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.pairs[0][1]).toBe(REDACTED)
+      expect(result.pairs[1][1]).toBe(REDACTED)
+      expect(result.pairs[2][1]).toBe(REDACTED)
+    })
+
+    test("applies JSON-string redaction to non-sensitive pair values", () => {
+      const jsonValue = JSON.stringify({ password: "hunter2", api_key: "leaked", note: "Bearer abcdef1234567890ABCDEFGH" })
+      const data = { pairs: [["auth:session_data", jsonValue]] }
+      const result = redactAsyncStorageData(data, rules) as any
+      const parsed = JSON.parse(result.pairs[0][1])
+      expect(parsed.password).toBe(REDACTED)
+      expect(parsed.api_key).toBe(REDACTED)
+      expect(parsed.note).toBe(REDACTED) // Bearer pattern match
+    })
+
+    test("preserves non-pair fields on the wrapper", () => {
+      const data = { pairs: [["auth:password", "hunter2"]], extra: "preserved" }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.extra).toBe("preserved")
+      expect(result.pairs[0][1]).toBe(REDACTED)
+    })
+  })
+
+  test("handles null and undefined", () => {
+    expect(redactAsyncStorageData(null, rules)).toBeNull()
+    expect(redactAsyncStorageData(undefined, rules)).toBeUndefined()
+  })
+
+  test("returns data unchanged when no sensitiveKeys configured", () => {
+    const emptyRules: McpRedactionRules = { sensitiveKeys: [], valuePatterns: [] }
+    const data = { pairs: [["auth:password", "hunter2"]] }
+    const result = redactAsyncStorageData(data, emptyRules) as any
+    expect(result.pairs[0][1]).toBe("hunter2")
+  })
+})
+
+describe("createRedactor()", () => {
+  // Minimal mock: connections is the only field createRedactor reaches into.
+  function mockServer(connections: Array<{ clientId: string; mcpRedaction?: McpRedactionConfig }>) {
+    return { connections } as any
+  }
+
+  test("memoizes rule resolution per clientId", () => {
+    // Spy on resolveEffectiveRules by counting how many times the underlying
+    // server.connections lookup runs. Since we can't spy on the internal helper
+    // directly, drive a connections array whose `.find` we instrument.
+    const conn = { clientId: "app-A", mcpRedaction: { additionalRules: { sensitiveKeys: ["foo"] } } }
+    let findCalls = 0
+    const connections: any = [conn]
+    const origFind = connections.find.bind(connections)
+    connections.find = (predicate: any) => { findCalls++; return origFind(predicate) }
+
+    const redactor = createRedactor({ connections } as any, DEFAULT_SERVER_CONFIG)
+    redactor.redact({ foo: "x", password: "y" }, "app-A")
+    redactor.redact({ foo: "x", password: "y" }, "app-A")
+    redactor.redact({ foo: "x", password: "y" }, "app-A")
+
+    // Only one connection lookup despite three redact calls.
+    expect(findCalls).toBe(1)
+  })
+
+  test("separate cache entries per clientId", () => {
+    const connections = [
+      { clientId: "app-A", mcpRedaction: { additionalRules: { sensitiveKeys: ["fooA"] } } },
+      { clientId: "app-B", mcpRedaction: { additionalRules: { sensitiveKeys: ["fooB"] } } },
+    ]
+    const redactor = createRedactor({ connections } as any, DEFAULT_SERVER_CONFIG)
+
+    const dataA = redactor.redact({ fooA: "leak", fooB: "ok" }, "app-A") as any
+    const dataB = redactor.redact({ fooA: "ok", fooB: "leak" }, "app-B") as any
+
+    expect(dataA.fooA).toBe(REDACTED)
+    expect(dataA.fooB).toBe("ok")
+    expect(dataB.fooA).toBe("ok")
+    expect(dataB.fooB).toBe(REDACTED)
+  })
+
+  test("redactState anchors path patterns at statePath", () => {
+    const config: McpRedactionServerConfig = {
+      ...DEFAULT_SERVER_CONFIG,
+      defaults: { ...DEFAULT_SERVER_CONFIG.defaults, statePathPatterns: ["auth.tokens.*"] },
+    }
+    const redactor = createRedactor(mockServer([]), config)
+
+    const subtree = { tokens: { access: "raw" } }
+    const result = redactor.redactState(subtree, undefined, "auth") as any
+    expect(result.tokens.access).toBe(REDACTED)
+  })
+
+  test("redactAsyncStorage applies storage-key heuristic", () => {
+    const redactor = createRedactor(mockServer([]), DEFAULT_SERVER_CONFIG)
+    const data = { pairs: [["auth:password", "hunter2"]] }
+    const result = redactor.redactAsyncStorage(data) as any
+    expect(result.pairs[0][1]).toBe(REDACTED)
+  })
+
+  test("returns data unchanged when client has fully disabled redaction", () => {
+    const config: McpRedactionServerConfig = { ...DEFAULT_SERVER_CONFIG, allowClientDisable: true }
+    const redactor = createRedactor(
+      mockServer([{ clientId: "app-A", mcpRedaction: { disableRedaction: true } }]),
+      config
+    )
+    const data = { password: "hunter2" }
+    expect(redactor.redact(data, "app-A")).toBe(data)
+  })
+})