PIIGuard
PIIGuard detects and optionally redacts personal identifiable information (PII) from inputs.
Overview
| Property |
Value |
| Latency |
<10ms |
| Memory |
50 KB |
| Async |
No |
| ML Required |
No |
Supported PII Types
| Category |
Examples |
Detection |
| Email |
john@example.com |
Regex |
| Phone |
+1 555-123-4567 |
Regex |
| SSN |
123-45-6789 |
Regex + validation |
| Credit Card |
4111-1111-1111-1111 |
Regex + Luhn |
| IP Address |
192.168.1.1 |
Regex + validation |
| API Keys |
api_key=sk-xxx |
Regex |
| DOB |
01/15/1990 |
Regex |
| URL |
https://example.com |
Regex |
Usage
Rust
use oxide_guard::{Guard, PIIGuard, RedactionStrategy, PIICategory};
let guard = PIIGuard::new("pii")
.with_redaction(RedactionStrategy::Mask)
.with_categories(&[PIICategory::Email, PIICategory::Phone, PIICategory::CreditCard]);
let result = guard.check("My email is john@example.com");
// result.sanitized = "My email is j***@example.com"
// Detect without redacting
let detections = guard.detect("Contact: john@example.com, 555-1234");
for detection in detections {
println!("{}: {} at {}-{}",
detection.category,
detection.matched_text,
detection.start,
detection.end
);
}
Python
from oxideshield import pii_guard
guard = pii_guard(redaction="mask")
result = guard.check("My email is john@example.com")
print(result.sanitized) # My email is j***@example.com
# Detect PII
detections = guard.detect("Email: john@example.com")
for category, text, start, end in detections:
print(f"{category}: {text}")
Redaction Strategies
| Strategy |
Example Input |
Example Output |
Mask |
john@example.com |
j***@example.com |
Replace |
john@example.com |
[EMAIL] |
Hash |
john@example.com |
[HASH:a1b2c3d4] |
Remove |
john@example.com |
(empty) |
Configuration
guards:
pii:
enabled: true
redaction: mask
block_on_detect: false # Sanitize instead of block
categories:
- email
- phone
- ssn
- credit_card
- api_key
Credit Card Validation
PIIGuard uses the Luhn algorithm to validate credit card numbers, reducing false positives:
// Valid card (passes Luhn)
guard.check("Card: 4111-1111-1111-1111"); // Detected
// Invalid number (fails Luhn)
guard.check("Card: 1234-5678-9012-3456"); // Not detected