PII Filter
Detect and redact personally identifiable information in LLM message content.
Detect and redact personally identifiable information in LLM message content.
Sensitivity levels
- relaxed: email, SSN, credit card (Luhn-validated)
- balanced (default): + phone (Google libphonenumber, 250+ countries), IPv4 (octet-validated), IBAN (mod-97), DoB, salutation-prefixed names, EIN
- strict: + US passport numbers, generic hex secrets
Options: pii_types, allowlist, custom_patterns,
action (redact/mask/hash), sensitivity.
Configuration
Section titled “Configuration”| Field | Type | Default | Description |
|---|---|---|---|
pii_types | `array | null` | None |
sensitivity | string | "balanced" | 'relaxed' = email, SSN, credit card only (no phone). 'balanced' (default) = + phone (libphonenumber), IPv4, IBAN, DoB, names, EIN. 'strict' = all types, no context requirement. |
action | string | "redact" | Replacement format for detected PII (not credentials). 'redact' → [protected:TYPE] (default). 'mask' → ****. 'hash' → [protected:TYPE:HASH8] (referential integrity). |
allowlist | array | [] | Values left untouched regardless of detection (e.g. known-safe emails). |
custom_patterns | array | [] | Additional regex patterns added to the PII tier as relaxed-level detectors. |
Examples
Section titled “Examples”# Example 1type: pii_filterconfig: sensitivity: balanced# Example 2type: pii_filterconfig: pii_types: - email - phone - ssn - creditcard# Example 3type: pii_filterconfig: action: hash sensitivity: strict# Example 4type: pii_filterconfig: custom_patterns: - name: employee_id pattern: \bEMP-\d{6}\b