mirror of
https://github.com/mudler/LocalAI.git
synced 2026-07-01 20:07:18 -04:00
feat(pii): NER tier engine — privacy-filter.cpp backend + NER-centric PII filter (#10360)
Squashed feat/pii-ner-tier-engine rebased onto master (was 45 commits; see backup/pii-ner-tier-engine-prerebase). Net change: - privacy-filter.cpp: standalone GGML engine for the openai-privacy-filter PII/NER token classifier, wired as a LocalAI gRPC backend (CPU/CUDA/Vulkan). TokenClassify moves off the patched llama.cpp path onto this backend. - PII filter reworked to be NER-centric (encoder/NER detection tier scanning whole conversations as one document), with a recreated bounded restricted- regex secret-matching pattern detector tier alongside it (per-model pii_detection.builtins / .patterns + core/services/routing/piipattern). - Detection labelled by source (ner vs pattern); backend trace / confidence / debug observability; analyze/redact exposed as a synchronous API. - Instance-wide default detector policy + per-usecase default-on; request filtering extended to completions, embeddings, edits & Ollama. - React UI: NER-centric PII editor, detector-models table, pattern/builtins editor, middleware default-policy UI. - Gallery: privacy-filter-multilingual token-classify model + NER install filter; token_classify known_usecase; batch sized to context for NER models. privacy-filter backend registered in the backend gallery (cpu/vulkan/cuda-13 meta + image entries with a capabilities map) matching its CI matrix jobs, and an /import-model auto-detect importer (PrivacyFilterImporter, narrow privacy-filter GGUF detection) replacing the prior pref-only registration. Reconciled against master's independent evolution: - Dropped master's PIIPatternOverrides feature (global-pattern runtime overrides + /api/pii/patterns API + runtime_settings.json persistence). The per-model NER + pattern-detector design supersedes it; it was built on the global redactor pattern set this branch replaced. - Reverted the llama.cpp Score carry-patch (0006-server-task-type-score): removed the patch and restored master's grpc-server.cpp Score RPC (direct llama_decode, slot-loop bypass) and LLAMA_VERSION pin, plus master's model_config validation forbidding score + chat/completion/embeddings on llama-cpp. token_classify is unaffected (it runs on the privacy-filter backend, not llama-cpp). Assisted-by: Claude:claude-opus-4-8 [Claude Code] Signed-off-by: Richard Palethorpe <io@richiejp.com>
This commit is contained in:
committed by
GitHub
parent
c133ca39dc
commit
3fa7b2955c
1
core/http/react-ui/src/utils/capabilities.js
vendored
1
core/http/react-ui/src/utils/capabilities.js
vendored
@@ -22,3 +22,4 @@ export const CAP_SPEAKER_RECOGNITION = 'FLAG_SPEAKER_RECOGNITION'
|
||||
export const CAP_AUDIO_TRANSFORM = 'FLAG_AUDIO_TRANSFORM'
|
||||
export const CAP_REALTIME_AUDIO = 'FLAG_REALTIME_AUDIO'
|
||||
export const CAP_SCORE = 'FLAG_SCORE'
|
||||
export const CAP_TOKEN_CLASSIFY = 'FLAG_TOKEN_CLASSIFY'
|
||||
|
||||
28
core/http/react-ui/src/utils/modelTemplates.js
vendored
28
core/http/react-ui/src/utils/modelTemplates.js
vendored
@@ -146,22 +146,38 @@ const MODEL_TEMPLATES = [
|
||||
id: 'mitm',
|
||||
label: 'MITM Intercept',
|
||||
icon: 'fa-shield-halved',
|
||||
description: 'Bind a hostname to this config for the cloudproxy MITM listener. PII filtering and pattern overrides flow from this config when the host is intercepted.',
|
||||
description: 'Bind a hostname to this config for the cloudproxy MITM listener. PII filtering (the NER detectors listed here) is applied to intercepted request bodies for the host.',
|
||||
// The mitm- name prefix is a convention, not a contract — the
|
||||
// dispatcher looks up by host, not name. Prefixing keeps the
|
||||
// config out of the way of callable model names so a chat client
|
||||
// accidentally requesting "anthropic" doesn't hit a backendless
|
||||
// intercept config.
|
||||
//
|
||||
// pii.patterns is pre-seeded with an empty list so the override
|
||||
// editor is visible by default — admins typically want to tighten
|
||||
// a couple of pattern actions when intercepting a cloud provider.
|
||||
// An empty list serializes out and the redactor ignores it.
|
||||
// pii.detectors is pre-seeded empty so the detector picker is visible
|
||||
// by default — admins point it at a token_classify model whose
|
||||
// pii_detection block defines the policy.
|
||||
fields: {
|
||||
'name': 'mitm-anthropic',
|
||||
'mitm.hosts': ['api.anthropic.com'],
|
||||
'pii.enabled': true,
|
||||
'pii.patterns': [],
|
||||
'pii.detectors': [],
|
||||
},
|
||||
},
|
||||
{
|
||||
id: 'secret-filter',
|
||||
label: 'Secret Pattern Detector',
|
||||
icon: 'fa-key',
|
||||
description: 'An in-process token_classify detector that flags high-entropy secrets (API keys, tokens) with bounded restricted-regex patterns — no backend, no GGUF, zero VRAM. Enable the built-in provider patterns below and/or add your own under PII Detection. Reference it from a model\'s pii.detectors, or toggle it on as a default detector on the Middleware page.',
|
||||
fields: {
|
||||
'name': 'secret-filter',
|
||||
'backend': 'pattern',
|
||||
'known_usecases': ['token_classify'],
|
||||
'pii_detection.default_action': 'block',
|
||||
'pii_detection.builtins': [
|
||||
'anthropic_api_key', 'openai_api_key', 'github_token', 'github_pat',
|
||||
'aws_access_key', 'google_api_key', 'slack_token', 'stripe_key',
|
||||
'jwt', 'private_key_block',
|
||||
],
|
||||
},
|
||||
},
|
||||
]
|
||||
|
||||
Reference in New Issue
Block a user