Expand description
PII Redaction Types and Verification Registry
This module provides the core types for PII redaction and the server-side verification registry. Under Option A, the client scrubs + encrypts; the server verifies consistency and stores ciphertext.
Β§Key types
ScrubbedText: Text that has been through redaction. Private constructor.ScrubbedPayload: JSON payload that has been through redaction. Private constructor.RedactionManifest: Describes what was redacted (spans + vault inserts).RedactionRegistry: Server-side verifier + egress guard + redact-only fallback.
Structs§
- Detected
Match π - Internal: a detected match before overlap resolution.
- Manifest
Violation - A consistency violation between manifest and payload.
- PiiDetector π
- A single PII detector: a compiled regex + metadata.
- PiiViolation
- A PII pattern detected during verification (text claimed scrubbed but isnβt).
- Redaction
Manifest - Manifest describing what was redacted. Accompanies scrubbed text.
- Redaction
Registry - Server-side PII verification registry and egress guard.
- Redaction
Span - A single detected PII span within text.
- Scrubbed
Payload - JSON payload that has been through PII redaction.
- Scrubbed
Text - Text that has been through PII redaction.
- Vault
Insert - Client-encrypted value for vault storage.
Enums§
- PiiType
- PII type classification for detected sensitive data.
Functions§
- default_
detectors π - Compiled detectors, built once at startup.
- requires_
vault_ πinsert - Whether a PII type requires a vault insert for reveal capability.
- resolve_
overlaps π - Resolve overlapping matches: longest match wins. Input must be sorted by start position.