PII redaction
Strip emails, phone numbers, SSNs, and other PII from messages before they hit the model or your logs.
Leaking user PII into an LLM request is the security incident no one
plans for. @agentskit/core/security ships a tiny regex-based
redactor that handles the common patterns (email, phone, SSN, IPv4,
credit-card, UUID) and lets you add your own rules.
Regex is not enough for high-stakes use — layer a model-based PII detector on top for production. But the 20-line version catches the low-hanging incidents today.
Install
The redactor is built into @agentskit/core and exposed through a subpath export, so it adds no weight to the main bundle.

import { createPIIRedactor } from '@agentskit/core/security'

Scrub a string
const redactor = createPIIRedactor()
const { value, hits } = redactor.redact(
  'Contact alice@corp.com at +1 555-123-4567 — SSN 123-45-6789',
)
console.log(value) // → 'Contact [REDACTED_EMAIL] at [REDACTED_PHONE] — SSN [REDACTED_SSN]'
console.log(hits) // → [{ rule: 'email', count: 1 }, ...]

Scrub a whole conversation
import type { Message } from '@agentskit/core'
const { value: safeMessages, hits } = redactor.redactMessages(messages)

Pipe safeMessages into the adapter; log hits so you know which rules fired without having to log the payload.
Custom rules
const redactor = createPIIRedactor({
  rules: [
    { name: 'api-key', pattern: /sk-[A-Za-z0-9]{32,}/g, replacer: '[REDACTED_KEY]' },
    { name: 'iban', pattern: /[A-Z]{2}\d{2}[A-Z0-9]{11,30}/g, replacer: '[REDACTED_IBAN]' },
  ],
})

Pass DEFAULT_PII_RULES in to extend rather than replace the defaults.
import { DEFAULT_PII_RULES, createPIIRedactor } from '@agentskit/core/security'
createPIIRedactor({
  rules: [...DEFAULT_PII_RULES, myCustomRule],
})
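
A custom pattern should be checked against every format the value appears in, and against look-alike tokens, before it is trusted. The audit below is an added example, not code from @agentskit/core: `applyRules`, `auditRule`, `ibanTolerant` and the sample strings are hypothetical or constructed, and it shows that the IBAN rule above misses the space-grouped print format.

```javascript
// Added example: a stand-in redactor, NOT the @agentskit/core implementation.
// It only mirrors the { name, pattern, replacer } rule shape and { value, hits } result shown above.
function applyRules(text, rules) {
  const hits = []
  let value = text
  for (const { name, pattern, replacer } of rules) {
    let count = 0
    value = value.replace(pattern, () => {
      count += 1
      return replacer
    })
    if (count > 0) hits.push({ rule: name, count })
  }
  return { value, hits }
}

// The IBAN rule exactly as written in the custom-rules snippet.
const ibanAsWritten = {
  name: 'iban',
  pattern: /[A-Z]{2}\d{2}[A-Z0-9]{11,30}/g,
  replacer: '[REDACTED_IBAN]',
}

// Hypothetical variant: word boundaries plus an optional space before each 4-character group.
const ibanTolerant = {
  name: 'iban',
  pattern: /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b/g,
  replacer: '[REDACTED_IBAN]',
}

// Constructed samples. GB82... is the widely published example IBAN, not a real account.
const MUST_REDACT = ['GB82WEST12345698765432', 'GB82 WEST 1234 5698 7654 32']
const MUST_KEEP = ['SKUAB12CDEFGHIJKLMNOP'] // constructed product code

// Returns samples that survive redaction (leaked) and benign tokens that get altered (clobbered).
function auditRule(rule, mustRedact = MUST_REDACT, mustKeep = MUST_KEEP) {
  const wrap = (s) => `pay to ${s} today`
  const leaked = mustRedact.filter((s) => applyRules(wrap(s), [rule]).value !== wrap(rule.replacer))
  const clobbered = mustKeep.filter((s) => applyRules(wrap(s), [rule]).value !== wrap(s))
  return { leaked, clobbered }
}

console.log(auditRule(ibanAsWritten)) // spaced IBAN leaks, product code is partly redacted
console.log(auditRule(ibanTolerant)) // both lists empty for these samples
```

The tolerant variant still matches any token of that shape and performs no checksum validation, so it reduces leaks on these samples rather than identifying real IBANs.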