> ## Documentation Index
> Fetch the complete documentation index at: https://docs.mcpmanager.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Regex

> How regular-expression gateway rules work in MCP Manager: JavaScript regex syntax with case-insensitive global matching, multiple OR patterns, the five actions (block, redact, replace, mask, hash), and ready-to-use patterns for prompt injection, SSNs, credit cards, and secrets.

A **regular expression** rule is the most flexible [gateway rule](/features/gateway-rules/overview) detection method in MCP Manager: you supply one or more patterns, and the rule matches them against the text of a tool message. Select **Regular expression** as the **Detection method** in the rule editor on a gateway's **Rules** tab.

## How regex matching works

MCP Manager compiles each pattern as a **JavaScript regular expression** and evaluates it with the **case-insensitive (`i`)** and **global (`g`)** flags. Matching therefore ignores letter case and finds *every* occurrence in the message, not just the first. Enter patterns in JavaScript syntax (the same syntax the `RegExp` constructor accepts); surrounding slashes are optional.

A regex rule scans the text of the tool message on whichever [detection hook](/features/gateway-rules/overview#detection-hook-when-a-rule-fires) you chose — the tool's arguments on the request leg, or the tool's result on the response leg. Because regex runs in-process and synchronously, it never "fails," so a regex rule has no [failure mode](/features/gateway-rules/overview#failure-mode-what-happens-when-a-detection-method-fails).

## Multiple patterns

A single rule can hold **more than one pattern**. Use **Add matching pattern** in the rule editor to add another. Patterns are evaluated as an **OR**: if *any* pattern matches, the rule's action fires. Each pattern is compiled and tested independently.

## Pattern validation and the Regex101 helper

If a pattern has invalid syntax, the rule editor shows an inline error with a **"Click here to test and fix your pattern on Regex101"** link, pre-filled with your pattern so you can debug it on [regex101.com](https://regex101.com) and paste the corrected version back.

## Actions

Regular-expression rules support **all five** rule actions. The action applies to the text each pattern matched:

| Action      | What it does to the matched text                                                                                                              |
| ----------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
| **Block**   | Blocks the whole message. A blocked request never reaches the server; a blocked response never reaches the client.                            |
| **Redact**  | Removes the match entirely, leaving nothing in its place.                                                                                     |
| **Replace** | Substitutes the match with the constant `<SENSITIVE>`.                                                                                        |
| **Mask**    | Replaces each character of the match with an asterisk, preserving the original length.                                                        |
| **Hash**    | Replaces the match with a truncated SHA-256 hash, `<HASH:…>` (16 hex characters), so you can correlate repeated values without exposing them. |

For the modification actions (redact, replace, mask, hash), every occurrence of every matched pattern is transformed and the message then continues to the next enabled rule. A **Block** action stops rule processing immediately. See [Actions](/features/gateway-rules/overview#actions-what-a-matching-rule-does) for how actions and [rule order](/features/gateway-rules/overview#rule-order-and-the-enable-toggle) interact.

## Examples

<AccordionGroup>
  <Accordion title="Block prompt-injection attempts">
    Detection method: **Regular expression** · Action: **Block** · Alerts: **on**

    ```text Patterns theme={null}
    ignore\s+(all\s+)?(previous|prior|above|earlier)\s+(instructions|prompts|directives)
    you\s+are\s+now\s+(in\s+)?(developer|admin|debug|unrestricted)\s+mode
    disregard\s+(all\s+)?(your|the)\s+(previous|prior|safety|system)\s+(instructions|rules|guidelines|prompt)
    system\s*:\s*(you\s+are|from\s+now|new\s+instructions|override)
    ```

    If a tool response carries text like "ignore your previous instructions," the response is blocked before the model sees it. Enable alerts so you're notified on every attempt.
  </Accordion>

  <Accordion title="Redact or replace US Social Security numbers">
    Detection method: **Regular expression** · Action: **Replace**

    ```text Pattern theme={null}
    \b\d{3}[-\s]?\d{2}[-\s]?\d{4}\b
    ```

    Matches `123-45-6789`, `123 45 6789`, and `123456789`. With **Replace** each match becomes `<SENSITIVE>`; with **Redact** it disappears.
  </Accordion>

  <Accordion title="Mask credit-card numbers">
    Detection method: **Regular expression** · Action: **Mask**

    ```text Pattern theme={null}
    \b(?:\d[ -]*?){13,19}\b
    ```

    Catches most card formats and replaces the digits with asterisks, preserving length. For checksum-validated detection with fewer false positives, use a [Presidio](/features/gateway-rules/presidio) rule with the `CREDIT_CARD` entity instead.
  </Accordion>

  <Accordion title="Redact API keys and tokens">
    Detection method: **Regular expression** · Action: **Replace**

    ```text Patterns theme={null}
    (?:api[_-]?key|api[_-]?secret|access[_-]?token|auth[_-]?token)\s*[:=]\s*['"]?[A-Za-z0-9_\-\.]{20,}['"]?
    sk[-_]live[-_][A-Za-z0-9]{20,}
    ghp_[A-Za-z0-9]{36,}
    AKIA[0-9A-Z]{16}
    ```

    Targets generic key/secret assignments plus Stripe secret keys, GitHub personal access tokens, and AWS access key IDs.
  </Accordion>
</AccordionGroup>

<Tip>
  Roll a new pattern out on a non-destructive action first. Set the action to **Replace** with **Alerts** on, watch the [Alerts](/features/alerts) and [logs](/features/viewing-logs) to see what it catches, tune the pattern to remove false positives, and only then switch high-severity rules to **Block**.
</Tip>

## Further reading

<CardGroup cols={2}>
  <Card title="Microsoft Presidio" icon="user-shield" href="/features/gateway-rules/presidio">
    Context-aware detection for unstructured PII like names and addresses.
  </Card>

  <Card title="Gateway Rules Overview" icon="shield-halved" href="/features/gateway-rules/overview">
    Detection methods, hooks, failure modes, actions, and rule ordering.
  </Card>

  <Card title="Custom Rule Engines" icon="plug" href="/features/gateway-rules/custom-rules-engines">
    Delegate nuanced policy to AWS Bedrock, Lakera Guard, or your own webhook.
  </Card>
</CardGroup>
