Kiteworks Agent Marketplace
Compliance-grade classification

Sensitivity Label Manager

by Kiteworks Inc. · v0.1.1

Inventory and apply Microsoft sensitivity labels (Word, PowerPoint, Excel) in a Kiteworks folder — preview what is labeled, then set or upgrade from your organization's taxonomy with one confirmation. Marking-only and set/upgrade only: it never downgrades, removes, or applies encryption, and the file content never leaves the platform.

Modifies your content · approval required | Metadata only | RBAC / ABAC | Audit logged
Free for Kiteworks customers
Version: v0.1.1 | Status: Live | Posture: User-content mutation

What it does

Inventory and apply Microsoft (MSIP) sensitivity labels — unprotected, set/upgrade only — on Office files in a Kiteworks folder.

sensitivity-label-read | sensitivity-label-write | artifact-output

See it in action

You

Show me the sensitivity labels on the files in Finance/Contracts

Sensitivity Label Manager

Pinning Finance/Contracts and reading each Office file's Microsoft sensitivity label on the platform — current label, GUID and status only, never the file content. Nothing is changed in an inventory.

Files scanned: 8
Labeled: 5
Unlabeled: 3

File              Current label   Status
msa-acme.docx     Confidential    labeled
pricing.xlsx                      unlabeled
board-deck.pptx   Internal        labeled
Read-only inventory. To label, run "apply" with a target label and the confirmation code — the platform writes a labeled copy and moves the original into "Relabeled originals". Set/upgrade only; never a downgrade or encryption.
Illustrative example · not live tenant data

Relevant regulations and standards

Frameworks and mandates this agent helps you address. Not a certification — your own controls and assessment still apply.

GDPR

Tags

classification | sensitivity-labels | msip | purview

What's new

latest 0.1.1

Published version history. The latest version is what new installs receive; your administrator chooses when to upgrade.

  1. 0.1.1 · stable · latest · 2026-06-15

    inventory no longer requires a configured tenant taxonomy. Reading the MSIP label already on a file (name / GUID / M365 site) is pure metadata and never needed the taxonomy — that was only used to *classify* a label as known / deprecated. So inventory now degrades gracefully: with no taxonomy (or a malformed one) it still reports every file's raw label and marks labeled files unknown (present, unclassified), and a new top-level taxonomy_status (ok / not_configured / invalid) surfaces why classification was unavailable. It never classifies against an unverified taxonomy. apply (set/upgrade) still hard-requires a valid taxonomy — that path genuinely needs it to choose a target and reject downgrades. Output/report change → patch.

    Security hardening (same release). Several review-driven fixes that tighten the trust model:

    • Multi-label files are refused, never relabeled. A file carrying more than one MSIP label is ambiguous and is left untouched (a relabel write replaces the whole label set, which would silently drop a second — possibly protected — label).
    • Label identity is GUID + M365 site, everywhere. Both apply and inventory now treat a label as the tenant's only when the GUID *and* the site_id match. A matching GUID with a missing or foreign site is reported present-but-unverified (missing_current_site_id / cross_tenant_site_id), never as a trusted tenant label.
    • Spoof-safe names. Taxonomy label names AND file-embedded label names are validated (length, XML 1.0, UTF-8, no bidi/invisible controls) before they reach output, CSV, or the file's OOXML metadata; unsafe embedded names are blanked.
    • Bounded, exact inputs. path / label_guid / plan_hash are type- and length-checked (never coerced into echoed output); label_guid must be a canonical 36-char GUID, matching the manifest schema exactly.
  2. 0.1.0 · stable · 2026-06-15

    Initial Microsoft Purview (MSIP) sensitivity-label agent (MSIP-LABEL-AGENT-PLAN, marking-only / Lane A). Two operations over the platform content lane:

    • inventory (read-only) — pins a folder and reports each Office file's current label, GUID, M365 site, and status (labeled / unlabeled / unknown / deprecated). Writes nothing.
    • apply (two-phase preview → confirm → mutate, ABAC role-gated, audited) — re-pins, re-reads, classifies each file against the tenant taxonomy, and returns a confirmation plan_hash + preview; re-posting the matching plan_hash stamps the target label. SET (on an unlabeled file) or UPGRADE (to a higher sensitivity) ONLY — never a downgrade or remove, and never a relabel of a protection-bearing (Privileged) label.

    Writes are marking-only OOXML metadata (the label Office honors) and produce a Kiteworks audit entry — NOT a Microsoft Purview audit event; this is not the MIP SetLabel path and never applies encryption/RMS. W1 write-back: a <name>-labeled.<ext> copy is written next to the original and the original is moved into a per-folder "Relabeled originals" folder (a new file id). The agent never touches file bytes — it consumes the admin-asserted per-tenant taxonomy (raw stored config), verifies its canonical digest, and binds that digest into the apply plan hash. Supports docx / pptx / xlsx. Ships English-only; nl/he/ja storefront overlays are a reviewed fast-follow.
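The trust checks listed under "Security hardening" for 0.1.1, sketched as an added example (not the agent's own code). The function names, the tuple layout, the 128-character name limit, and the "refused" / "multiple_labels" values are assumptions; the two site reasons and the unlabeled / unknown / labeled statuses are the page's.

```python
import re
import unicodedata

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
MAX_NAME_LEN = 128  # assumed bound; the page does not give the limit


def safe_name(name):
    """Return name if it is safe to echo into output/CSV/OOXML, else ''."""
    if not isinstance(name, str) or not 0 < len(name) <= MAX_NAME_LEN:
        return ""
    for ch in name:
        cp = ord(ch)
        # XML 1.0 Char ranges (tab/CR/LF excluded: not wanted in a name);
        # excluding D800-DFFF also rejects strings that cannot be valid UTF-8.
        xml_ok = 0x20 <= cp <= 0xD7FF or 0xE000 <= cp <= 0xFFFD or cp >= 0x10000
        # Cf = bidi overrides/isolates and zero-width chars; Cc = controls
        if not xml_ok or unicodedata.category(ch) in ("Cc", "Cf"):
            return ""
    return name


def classify(labels, tenant_site_id, taxonomy_guids):
    """labels: (guid, site_id, name) tuples read from one file's metadata.
    taxonomy_guids: set of lowercase tenant label GUIDs, or None if absent."""
    if not labels:
        return {"status": "unlabeled"}
    if len(labels) > 1:  # ambiguous: a rewrite would drop the other label
        return {"status": "refused", "reason": "multiple_labels"}
    guid, site_id, name = labels[0]
    guid_ok = isinstance(guid, str) and GUID_RE.fullmatch(guid) is not None
    out = {"guid": guid if guid_ok else "", "name": safe_name(name),
           "status": "unknown"}
    if taxonomy_guids is None or not guid_ok:
        return out  # present, unclassified: no verified taxonomy to check
    if guid.lower() not in taxonomy_guids:
        return out
    if not site_id:  # GUID matches but nothing ties it to this tenant
        out["reason"] = "missing_current_site_id"
    elif site_id.lower() != tenant_site_id.lower():
        out["reason"] = "cross_tenant_site_id"
    else:
        out["status"] = "labeled"  # GUID and site both match
    return out
```
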
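The two-phase apply described for 0.1.0 (preview, then confirm by re-posting plan_hash), sketched as an added example rather than the agent's implementation. The rank-based taxonomy, the plan fields, and the use of SHA-256 over canonical JSON are assumptions; the page states only that the taxonomy's canonical digest is bound into the plan hash and that writes are set/upgrade only.

```python
import hashlib
import hmac
import json


def canonical_digest(obj):
    """SHA-256 over a canonical JSON encoding (sorted keys, no whitespace)."""
    blob = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(blob).hexdigest()


def build_plan(taxonomy, files, target_guid):
    """taxonomy: {guid: sensitivity rank}; files: {file_id: current guid or None}.
    Raises KeyError if the target is not a taxonomy label."""
    target_rank = taxonomy[target_guid]
    actions = {}
    for file_id, current in files.items():
        if current is None:
            actions[file_id] = "set"
        elif current in taxonomy and taxonomy[current] < target_rank:
            actions[file_id] = "upgrade"
        else:
            actions[file_id] = "skip"  # equal, higher or unknown: never downgrade
    # Binding the taxonomy digest and the observed labels means any change to
    # either between preview and confirm yields a different plan hash.
    plan = {"taxonomy_digest": canonical_digest(taxonomy), "target": target_guid,
            "files": files, "actions": actions}
    return plan, canonical_digest(plan)


def confirm(taxonomy, files, target_guid, posted_hash):
    """Phase 2: re-read state, rebuild the plan, act only on an exact match."""
    if not (isinstance(posted_hash, str) and len(posted_hash) == 64
            and posted_hash.isascii()):
        return None  # type- and length-checked, never coerced
    plan, fresh_hash = build_plan(taxonomy, files, target_guid)
    if not hmac.compare_digest(posted_hash, fresh_hash):
        return None  # files or taxonomy changed since the preview
    return plan["actions"]
```
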

Install in Claude Code

claude plugin marketplace add \
  kiteworks/agent-marketplace
claude plugin install \
  kiteworks-msip-labeler@kiteworks

Prerequisites

  • Kiteworks Compliance Runtime — install via pip install kw-mcp-gateway (host >=1.0.0,<2.0.0). This agent calls into the runtime for deterministic, audited execution.
  • Official Kiteworks MCP >=9.3.0 (used by the runtime) — install and sign in from github.com/kiteworks/mcp.
  • Python >=3.11.

Connect from Claude

Add this marketplace as a remote MCP connector in Claude Desktop or Claude Code — point it at <your-host>/mcp. One process per deployment; no per-machine install. Requires the official Kiteworks MCP to be configured.