PII Detection
What gets redacted before data ever leaves your machine.
No text reaches an AI provider without going through detection and your explicit approval first. This isn't a setting to enable — it's the only path data can take out of the app.
log file → detect_pii() → you approve each span → apply_redactions() → AI provider
What gets detected
| Type | Replaced with |
|---|---|
| URLs with embedded credentials | [URL] |
| Bearer tokens | [Bearer] |
| API keys / access tokens | [ApiKey] |
| Passwords | [Password] |
| Social security numbers | [SSN] |
| Credit card numbers (Visa/MC/Amex/Discover/JCB/Diners) | [CreditCard] |
| Email addresses | [Email] |
| MAC addresses | [MAC] |
| IPv4 / IPv6 addresses | [IPv4] / [IPv6] |
| Phone numbers | [Phone] |
| Internal hostnames / FQDNs | [Hostname] |
Overlapping matches
When two patterns match the same text, the longer match wins — so, for example, a full credentialed URL is redacted as one unit rather than leaving fragments of the embedded password exposed.
You approve every span
Detected spans are shown in a before/after diff. Nothing is sent until you approve it — reject any span you don't want redacted-and-sent, or don't want sent at all.
The original, unredacted text never leaves your machine. Only the redacted version is transmitted, and its SHA-256 hash is recorded in the audit log — so you can later verify exactly what was sent, without the raw sensitive values ever being stored longer than necessary.
Why this matters for public safety / critical infra
- Incident logs routinely contain internal hostnames, IPs, and credentials — exactly the material that shouldn't leave a secure network unreviewed
- Detection runs locally, in Rust, before any network call is even attempted
- Works identically whether you're on a cloud AI provider or fully offline via Ollama