feat(pii): NER tier engine — privacy-filter.cpp backend + NER-centric PII filter (#10360)

Squashed feat/pii-ner-tier-engine rebased onto master (was 45 commits; see
backup/pii-ner-tier-engine-prerebase). Net change:

- privacy-filter.cpp: standalone GGML engine for the openai-privacy-filter
  PII/NER token classifier, wired as a LocalAI gRPC backend (CPU/CUDA/Vulkan).
  TokenClassify moves off the patched llama.cpp path onto this backend.
- PII filter reworked to be NER-centric (encoder/NER detection tier scanning
  whole conversations as one document), with a recreated bounded restricted-
  regex secret-matching pattern detector tier alongside it (per-model
  pii_detection.builtins / .patterns + core/services/routing/piipattern).
- Detection labelled by source (ner vs pattern); backend trace / confidence /
  debug observability; analyze/redact exposed as a synchronous API.
- Instance-wide default detector policy + per-usecase default-on; request
  filtering extended to completions, embeddings, edits & Ollama.
- React UI: NER-centric PII editor, detector-models table, pattern/builtins
  editor, middleware default-policy UI.
- Gallery: privacy-filter-multilingual token-classify model + NER install
  filter; token_classify known_usecase; batch sized to context for NER models.
  privacy-filter backend registered in the backend gallery (cpu/vulkan/cuda-13
  meta + image entries with a capabilities map) matching its CI matrix jobs,
  and an /import-model auto-detect importer (PrivacyFilterImporter, narrow
  privacy-filter GGUF detection) replacing the prior pref-only registration.

Reconciled against master's independent evolution:

- Dropped master's PIIPatternOverrides feature (global-pattern runtime
  overrides + /api/pii/patterns API + runtime_settings.json persistence). The
  per-model NER + pattern-detector design supersedes it; it was built on the
  global redactor pattern set this branch replaced.
- Reverted the llama.cpp Score carry-patch (0006-server-task-type-score):
  removed the patch and restored master's grpc-server.cpp Score RPC (direct
  llama_decode, slot-loop bypass) and LLAMA_VERSION pin, plus master's
  model_config validation forbidding score + chat/completion/embeddings on
  llama-cpp. token_classify is unaffected (it runs on the privacy-filter
  backend, not llama-cpp).

Assisted-by: Claude:claude-opus-4-8 [Claude Code]

Signed-off-by: Richard Palethorpe <io@richiejp.com>
Richard Palethorpe
2026-06-18 11:45:22 +01:00
committed by GitHub
parent c133ca39dc
commit 3fa7b2955c
134 changed files with 6671 additions and 4223 deletions


@@ -1121,43 +1121,57 @@ const docTemplate = `{
}
}
},
"/api/pii/decide": {
"/api/pii/analyze": {
"post": {
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"description": "Runs the configured PII detectors (NER and/or pattern tiers) over the supplied text and returns the matched entity spans with the policy action that would fire. Detection only — the text is not modified and no block is enforced. Select detectors explicitly via ` + "`" + `detectors` + "`" + `, or pass a consuming ` + "`" + `model` + "`" + ` to use its effective policy: the model's own ` + "`" + `pii.detectors` + "`" + `, else the instance-wide ` + "`" + `pii_default_detectors` + "`" + `. A model with PII disabled, or enabled with nothing to scan with, is a 400. The raw matched value is never returned; admins may set ` + "`" + `reveal:true` + "`" + ` for the audit hash prefix.",
"tags": [
"pii"
],
"summary": "Scan text for PII and return findings + suggested action (decision oracle)",
"summary": "Detect PII entities in a string (no mutation).",
"parameters": [
{
"description": "decide params",
"description": "text + detector selection",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/schema.PIIDecideRequest"
"$ref": "#/definitions/schema.PIIAnalyzeRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"description": "Detected entities",
"schema": {
"$ref": "#/definitions/schema.PIIDecideResponse"
"$ref": "#/definitions/schema.PIIAnalyzeResponse"
}
},
"400": {
"description": "Bad Request",
}
}
}
},
"/api/pii/redact": {
"post": {
"description": "Runs the configured PII detectors over the text and applies each detector model's policy: masked spans are replaced with ` + "`" + `[REDACTED:\u003cid\u003e]` + "`" + `, allow spans pass through, and a single block action causes a 400 (type ` + "`" + `pii_blocked` + "`" + `) carrying the offending entities — the text is never returned in that case. Select detectors via ` + "`" + `detectors` + "`" + `, or a consuming ` + "`" + `model` + "`" + `'s effective policy (its own ` + "`" + `pii.detectors` + "`" + `, else the instance-wide ` + "`" + `pii_default_detectors` + "`" + `; PII must be enabled on the model). Records audit events (origin ` + "`" + `pii_redact` + "`" + `) visible at /api/pii/events.",
"tags": [
"pii"
],
"summary": "Redact PII in a string by applying the configured policy.",
"parameters": [
{
"description": "text + detector selection",
"name": "request",
"in": "body",
"required": true,
"schema": {
"type": "object",
"additionalProperties": {
"type": "string"
}
"$ref": "#/definitions/schema.PIIAnalyzeRequest"
}
}
],
"responses": {
"200": {
"description": "Redacted text + entities",
"schema": {
"$ref": "#/definitions/schema.PIIRedactResponse"
}
}
}
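Review bot: The `responses` object of the new `/api/pii/redact` operation documents only `"200"`, yet its own description says a single block action causes a 400 of type `pii_blocked` carrying the offending entities. Add a `"400"` entry with a schema for that error body so generated clients can parse the blocked case instead of treating it as an opaque failure. Declaring `consumes`/`produces` on redact, as `/api/pii/analyze` does, would also keep the two operations consistent.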
@@ -5893,45 +5907,66 @@ const docTemplate = `{
}
}
},
"schema.PIIDecideRequest": {
"schema.PIIAnalyzeRequest": {
"type": "object",
"properties": {
"text": {
"description": "Text is the user-visible content to inspect. Required.",
"type": "string"
}
}
},
"schema.PIIDecideResponse": {
"type": "object",
"properties": {
"findings": {
"description": "Findings is one entry per matched span — pattern id, byte\nrange, and audit-safe hash prefix (never the matched value).",
"detectors": {
"description": "Detectors names the detector models to run (NER and/or pattern). Takes\nprecedence over Model.",
"type": "array",
"items": {
"$ref": "#/definitions/schema.PIIFinding"
"type": "string"
}
},
"redacted_preview": {
"description": "RedactedPreview is the input with mask-action spans replaced\nby their placeholders. Identical to Text when no findings or\nwhen the strongest action is block/allow (which don't rewrite\ncontent).",
"model": {
"description": "Model is a consuming model whose effective PII policy (own\npii.detectors, else the instance default detectors; PII must be\nenabled) is used when Detectors is empty.",
"type": "string"
},
"suggested_action": {
"description": "SuggestedAction is the strongest action across all findings:\n\"block\", \"mask\", or \"allow\" (no findings, or all findings\nresolved to the allow action).",
"reveal": {
"description": "Reveal includes the per-entity hash_prefix in the response. Honoured\nonly for admin callers; ignored otherwise. The raw matched value is\nnever returned regardless.",
"type": "boolean"
},
"text": {
"description": "Text is the string to scan. Bounded only by the server's global HTTP\nbody limit.",
"type": "string"
}
}
},
"schema.PIIFinding": {
"schema.PIIAnalyzeResponse": {
"type": "object",
"properties": {
"blocked": {
"type": "boolean"
},
"correlation_id": {
"type": "string"
},
"entities": {
"type": "array",
"items": {
"$ref": "#/definitions/schema.PIIEntity"
}
}
}
},
"schema.PIIEntity": {
"type": "object",
"properties": {
"action": {
"type": "string"
},
"end": {
"type": "integer"
},
"entity_type": {
"type": "string"
},
"hash_prefix": {
"type": "string"
},
"pattern": {
"score": {
"type": "number"
},
"source": {
"type": "string"
},
"start": {
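Review bot: In `schema.PIIEntity`, `start` and `end` carry no description, and the only statement of units in this hunk is the "byte range" wording in the `findings` description under `schema.PIIDecideResponse`. A caller that slices the scanned text by these offsets needs to know whether they are byte or character positions and whether `end` is exclusive, since a mismatch on multi-byte text shifts the window and can leave part of a matched value outside it. Listing the allowed values of `action` and `source` as enums would help clients for the same reason.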
@@ -5939,6 +5974,29 @@ const docTemplate = `{
}
}
},
"schema.PIIRedactResponse": {
"type": "object",
"properties": {
"blocked": {
"type": "boolean"
},
"correlation_id": {
"type": "string"
},
"entities": {
"type": "array",
"items": {
"$ref": "#/definitions/schema.PIIEntity"
}
},
"masked": {
"type": "boolean"
},
"redacted_text": {
"type": "string"
}
}
},
"schema.RouterDecideRequest": {
"type": "object",
"properties": {
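Review bot: `schema.PIIRedactResponse` exposes a `blocked` boolean with no description, while the `/api/pii/redact` description says a block action produces a 400 and the text is never returned. Say whether `blocked` can ever be true in a 200 body or whether this schema is also the 400 payload; if neither, drop the field so a client cannot read a 200 with `blocked` unset as the only signal that `redacted_text` is safe to forward. `masked` needs a one-line description too.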


@@ -1118,43 +1118,57 @@
}
}
},
"/api/pii/decide": {
"/api/pii/analyze": {
"post": {
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"description": "Runs the configured PII detectors (NER and/or pattern tiers) over the supplied text and returns the matched entity spans with the policy action that would fire. Detection only — the text is not modified and no block is enforced. Select detectors explicitly via `detectors`, or pass a consuming `model` to use its effective policy: the model's own `pii.detectors`, else the instance-wide `pii_default_detectors`. A model with PII disabled, or enabled with nothing to scan with, is a 400. The raw matched value is never returned; admins may set `reveal:true` for the audit hash prefix.",
"tags": [
"pii"
],
"summary": "Scan text for PII and return findings + suggested action (decision oracle)",
"summary": "Detect PII entities in a string (no mutation).",
"parameters": [
{
"description": "decide params",
"description": "text + detector selection",
"name": "request",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/schema.PIIDecideRequest"
"$ref": "#/definitions/schema.PIIAnalyzeRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"description": "Detected entities",
"schema": {
"$ref": "#/definitions/schema.PIIDecideResponse"
"$ref": "#/definitions/schema.PIIAnalyzeResponse"
}
},
"400": {
"description": "Bad Request",
}
}
}
},
"/api/pii/redact": {
"post": {
"description": "Runs the configured PII detectors over the text and applies each detector model's policy: masked spans are replaced with `[REDACTED:\u003cid\u003e]`, allow spans pass through, and a single block action causes a 400 (type `pii_blocked`) carrying the offending entities — the text is never returned in that case. Select detectors via `detectors`, or a consuming `model`'s effective policy (its own `pii.detectors`, else the instance-wide `pii_default_detectors`; PII must be enabled on the model). Records audit events (origin `pii_redact`) visible at /api/pii/events.",
"tags": [
"pii"
],
"summary": "Redact PII in a string by applying the configured policy.",
"parameters": [
{
"description": "text + detector selection",
"name": "request",
"in": "body",
"required": true,
"schema": {
"type": "object",
"additionalProperties": {
"type": "string"
}
"$ref": "#/definitions/schema.PIIAnalyzeRequest"
}
}
],
"responses": {
"200": {
"description": "Redacted text + entities",
"schema": {
"$ref": "#/definitions/schema.PIIRedactResponse"
}
}
}
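Review bot: Neither `/api/pii/analyze` nor `/api/pii/redact` declares a `security` requirement or a 401/403 response in this hunk, although the analyze description distinguishes admins (`reveal:true`) from other callers and redact records audit events. Document which credential each operation expects and how an admin caller is identified, so the spec states who may query the detectors and who may receive hash prefixes.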
@@ -5890,45 +5904,66 @@
}
}
},
"schema.PIIDecideRequest": {
"schema.PIIAnalyzeRequest": {
"type": "object",
"properties": {
"text": {
"description": "Text is the user-visible content to inspect. Required.",
"type": "string"
}
}
},
"schema.PIIDecideResponse": {
"type": "object",
"properties": {
"findings": {
"description": "Findings is one entry per matched span — pattern id, byte\nrange, and audit-safe hash prefix (never the matched value).",
"detectors": {
"description": "Detectors names the detector models to run (NER and/or pattern). Takes\nprecedence over Model.",
"type": "array",
"items": {
"$ref": "#/definitions/schema.PIIFinding"
"type": "string"
}
},
"redacted_preview": {
"description": "RedactedPreview is the input with mask-action spans replaced\nby their placeholders. Identical to Text when no findings or\nwhen the strongest action is block/allow (which don't rewrite\ncontent).",
"model": {
"description": "Model is a consuming model whose effective PII policy (own\npii.detectors, else the instance default detectors; PII must be\nenabled) is used when Detectors is empty.",
"type": "string"
},
"suggested_action": {
"description": "SuggestedAction is the strongest action across all findings:\n\"block\", \"mask\", or \"allow\" (no findings, or all findings\nresolved to the allow action).",
"reveal": {
"description": "Reveal includes the per-entity hash_prefix in the response. Honoured\nonly for admin callers; ignored otherwise. The raw matched value is\nnever returned regardless.",
"type": "boolean"
},
"text": {
"description": "Text is the string to scan. Bounded only by the server's global HTTP\nbody limit.",
"type": "string"
}
}
},
"schema.PIIFinding": {
"schema.PIIAnalyzeResponse": {
"type": "object",
"properties": {
"blocked": {
"type": "boolean"
},
"correlation_id": {
"type": "string"
},
"entities": {
"type": "array",
"items": {
"$ref": "#/definitions/schema.PIIEntity"
}
}
}
},
"schema.PIIEntity": {
"type": "object",
"properties": {
"action": {
"type": "string"
},
"end": {
"type": "integer"
},
"entity_type": {
"type": "string"
},
"hash_prefix": {
"type": "string"
},
"pattern": {
"score": {
"type": "number"
},
"source": {
"type": "string"
},
"start": {
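Review bot: The `reveal` description says the per-entity `hash_prefix` is returned to admin callers, but nothing in `schema.PIIEntity` says how that prefix is derived. For low-entropy values an unkeyed hash prefix can be compared against a candidate list, so the `hash_prefix` property should state whether the hash is keyed or salted per instance and how many characters are returned.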
@@ -5936,6 +5971,29 @@
}
}
},
"schema.PIIRedactResponse": {
"type": "object",
"properties": {
"blocked": {
"type": "boolean"
},
"correlation_id": {
"type": "string"
},
"entities": {
"type": "array",
"items": {
"$ref": "#/definitions/schema.PIIEntity"
}
},
"masked": {
"type": "boolean"
},
"redacted_text": {
"type": "string"
}
}
},
"schema.RouterDecideRequest": {
"type": "object",
"properties": {
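Review bot: `correlation_id` in `schema.PIIRedactResponse` has no description. Since the redact operation records audit events visible at /api/pii/events, state whether this is the identifier those events are looked up by, and whether it is generated per request or taken from the caller.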


@@ -1950,46 +1950,76 @@ definitions:
$ref: '#/definitions/schema.NodeData'
type: array
type: object
schema.PIIDecideRequest:
schema.PIIAnalyzeRequest:
properties:
text:
description: Text is the user-visible content to inspect. Required.
type: string
type: object
schema.PIIDecideResponse:
properties:
findings:
detectors:
description: |-
Findings is one entry per matched span — pattern id, byte
range, and audit-safe hash prefix (never the matched value).
Detectors names the detector models to run (NER and/or pattern). Takes
precedence over Model.
items:
$ref: '#/definitions/schema.PIIFinding'
type: string
type: array
redacted_preview:
model:
description: |-
RedactedPreview is the input with mask-action spans replaced
by their placeholders. Identical to Text when no findings or
when the strongest action is block/allow (which don't rewrite
content).
Model is a consuming model whose effective PII policy (own
pii.detectors, else the instance default detectors; PII must be
enabled) is used when Detectors is empty.
type: string
suggested_action:
reveal:
description: |-
SuggestedAction is the strongest action across all findings:
"block", "mask", or "allow" (no findings, or all findings
resolved to the allow action).
Reveal includes the per-entity hash_prefix in the response. Honoured
only for admin callers; ignored otherwise. The raw matched value is
never returned regardless.
type: boolean
text:
description: |-
Text is the string to scan. Bounded only by the server's global HTTP
body limit.
type: string
type: object
schema.PIIFinding:
schema.PIIAnalyzeResponse:
properties:
blocked:
type: boolean
correlation_id:
type: string
entities:
items:
$ref: '#/definitions/schema.PIIEntity'
type: array
type: object
schema.PIIEntity:
properties:
action:
type: string
end:
type: integer
entity_type:
type: string
hash_prefix:
type: string
pattern:
score:
type: number
source:
type: string
start:
type: integer
type: object
schema.PIIRedactResponse:
properties:
blocked:
type: boolean
correlation_id:
type: string
entities:
items:
$ref: '#/definitions/schema.PIIEntity'
type: array
masked:
type: boolean
redacted_text:
type: string
type: object
schema.RouterDecideRequest:
properties:
input:
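Review bot: The `text` description under `schema.PIIAnalyzeRequest` says the input is "Bounded only by the server's global HTTP body limit" but not what happens when it is longer than the NER detector's context. State whether longer text is chunked, rejected or truncated; if it is truncated, the unscanned tail would come back from `/api/pii/redact` unmasked, so the response should signal that case rather than report a clean result.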
@@ -3176,32 +3206,54 @@ paths:
summary: Show the P2P token
tags:
- p2p
/api/pii/decide:
/api/pii/analyze:
post:
consumes:
- application/json
description: 'Runs the configured PII detectors (NER and/or pattern tiers) over
the supplied text and returns the matched entity spans with the policy action
that would fire. Detection only — the text is not modified and no block is
enforced. Select detectors explicitly via `detectors`, or pass a consuming
`model` to use its effective policy: the model''s own `pii.detectors`, else
the instance-wide `pii_default_detectors`. A model with PII disabled, or enabled
with nothing to scan with, is a 400. The raw matched value is never returned;
admins may set `reveal:true` for the audit hash prefix.'
parameters:
- description: decide params
- description: text + detector selection
in: body
name: request
required: true
schema:
$ref: '#/definitions/schema.PIIDecideRequest'
produces:
- application/json
$ref: '#/definitions/schema.PIIAnalyzeRequest'
responses:
"200":
description: OK
description: Detected entities
schema:
$ref: '#/definitions/schema.PIIDecideResponse'
"400":
description: Bad Request
$ref: '#/definitions/schema.PIIAnalyzeResponse'
summary: Detect PII entities in a string (no mutation).
tags:
- pii
/api/pii/redact:
post:
description: 'Runs the configured PII detectors over the text and applies each
detector model''s policy: masked spans are replaced with `[REDACTED:<id>]`,
allow spans pass through, and a single block action causes a 400 (type `pii_blocked`)
carrying the offending entities — the text is never returned in that case.
Select detectors via `detectors`, or a consuming `model`''s effective policy
(its own `pii.detectors`, else the instance-wide `pii_default_detectors`;
PII must be enabled on the model). Records audit events (origin `pii_redact`)
visible at /api/pii/events.'
parameters:
- description: text + detector selection
in: body
name: request
required: true
schema:
$ref: '#/definitions/schema.PIIAnalyzeRequest'
responses:
"200":
description: Redacted text + entities
schema:
additionalProperties:
type: string
type: object
summary: Scan text for PII and return findings + suggested action (decision
oracle)
$ref: '#/definitions/schema.PIIRedactResponse'
summary: Redact PII in a string by applying the configured policy.
tags:
- pii
/api/router/decide:
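Review bot: In the `/api/pii/analyze` operation, the `"400": Bad Request` response and the `produces` list sit beside the old `PIIDecide*` refs rather than the new `PIIAnalyze*` ones, which reads as both being dropped, while the new description still says a model with PII disabled, or enabled with nothing to scan with, "is a 400". Keep the `"400"` entry, ideally with its error schema, and `produces: application/json`, so the spec matches the behaviour the description promises.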