How-to: PII masking¶
Aegis's PII pack masks personally identifiable information in ingress messages and unmasks it in the model's response — the model never sees real PII.
Install¶
pip install "aegis-gateway[pii]"
python -m spacy download en_core_web_sm
Configure¶
providers:
main:
type: anthropic
api_key: secret://env/ANTHROPIC_API_KEY
guardrails:
pii:
pack: aegis.pii
mode: mask
pipeline:
ingress: [pii]
egress: [pii.unmask]
routes:
default:
provider: main
The ingress stage replaces detected entities with placeholders like
<PERSON_1>, <EMAIL_ADDRESS_1>. The egress stage substitutes them back in
the response using the per-run mask map (never serialised into model-visible
messages).
Supported entity types¶
The PII pack uses Presidio + the
en_core_web_sm spaCy model. Detected by default:
PERSON,EMAIL_ADDRESS,PHONE_NUMBER,LOCATION,CREDIT_CARD,IBAN_CODE,IP_ADDRESS,URL,US_SSN,DATE_TIME
Audit events¶
Every masking and unmasking operation emits an event into the run's event log. Query it via:
curl http://localhost:8000/v1/audit
Testing without PII installed¶
In unit tests, use FakeProvider and skip PII installation:
import pytest
pytest.importorskip("presidio_analyzer", reason="[pii] extra not installed")