feat(pii): NER tier engine — privacy-filter.cpp backend + NER-centric PII filter (#10360)
Squashed feat/pii-ner-tier-engine rebased onto master (was 45 commits; see backup/pii-ner-tier-engine-prerebase). Net change: - privacy-filter.cpp: standalone GGML engine for the openai-privacy-filter PII/NER token classifier, wired as a LocalAI gRPC backend (CPU/CUDA/Vulkan). TokenClassify moves off the patched llama.cpp path onto this backend. - PII filter reworked to be NER-centric (encoder/NER detection tier scanning whole conversations as one document), with a recreated bounded restricted-regex secret-matching pattern detector tier alongside it (per-model pii_detection.builtins / .patterns + core/services/routing/piipattern). - Detection labelled by source (ner vs pattern); backend trace / confidence / debug observability; analyze/redact exposed as a synchronous API. - Instance-wide default detector policy + per-usecase default-on; request filtering extended to completions, embeddings, edits & Ollama. - React UI: NER-centric PII editor, detector-models table, pattern/builtins editor, middleware default-policy UI. - Gallery: privacy-filter-multilingual token-classify model + NER install filter; token_classify known_usecase; batch sized to context for NER models. privacy-filter backend registered in the backend gallery (cpu/vulkan/cuda-13 meta + image entries with a capabilities map) matching its CI matrix jobs, and an /import-model auto-detect importer (PrivacyFilterImporter, narrow privacy-filter GGUF detection) replacing the prior pref-only registration. Reconciled against master's independent evolution: - Dropped master's PIIPatternOverrides feature (global-pattern runtime overrides + /api/pii/patterns API + runtime_settings.json persistence). The per-model NER + pattern-detector design supersedes it; it was built on the global redactor pattern set this branch replaced.
- Reverted the llama.cpp Score carry-patch (0006-server-task-type-score): removed the patch and restored master's grpc-server.cpp Score RPC (direct llama_decode, slot-loop bypass) and LLAMA_VERSION pin, plus master's model_config validation forbidding score + chat/completion/embeddings on llama-cpp. token_classify is unaffected (it runs on the privacy-filter backend, not llama-cpp). Assisted-by: Claude:claude-opus-4-8 [Claude Code] Signed-off-by: Richard Palethorpe <io@richiejp.com>
committed by
GitHub
parent
c133ca39dc
commit
3fa7b2955c
134
swagger/docs.go
134
swagger/docs.go
@@ -1121,43 +1121,57 @@ const docTemplate = `{
|
||||
}
|
||||
}
|
||||
},
|
||||
"/api/pii/decide": {
|
||||
"/api/pii/analyze": {
|
||||
"post": {
|
||||
"consumes": [
|
||||
"application/json"
|
||||
],
|
||||
"produces": [
|
||||
"application/json"
|
||||
],
|
||||
"description": "Runs the configured PII detectors (NER and/or pattern tiers) over the supplied text and returns the matched entity spans with the policy action that would fire. Detection only — the text is not modified and no block is enforced. Select detectors explicitly via ` + "`" + `detectors` + "`" + `, or pass a consuming ` + "`" + `model` + "`" + ` to use its effective policy: the model's own ` + "`" + `pii.detectors` + "`" + `, else the instance-wide ` + "`" + `pii_default_detectors` + "`" + `. A model with PII disabled, or enabled with nothing to scan with, is a 400. The raw matched value is never returned; admins may set ` + "`" + `reveal:true` + "`" + ` for the audit hash prefix.",
|
||||
"tags": [
|
||||
"pii"
|
||||
],
|
||||
"summary": "Scan text for PII and return findings + suggested action (decision oracle)",
|
||||
"summary": "Detect PII entities in a string (no mutation).",
|
||||
"parameters": [
|
||||
{
|
||||
"description": "decide params",
|
||||
"description": "text + detector selection",
|
||||
"name": "request",
|
||||
"in": "body",
|
||||
"required": true,
|
||||
"schema": {
|
||||
"$ref": "#/definitions/schema.PIIDecideRequest"
|
||||
"$ref": "#/definitions/schema.PIIAnalyzeRequest"
|
||||
}
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "OK",
|
||||
"description": "Detected entities",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/schema.PIIDecideResponse"
|
||||
"$ref": "#/definitions/schema.PIIAnalyzeResponse"
|
||||
}
|
||||
},
|
||||
"400": {
|
||||
"description": "Bad Request",
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"/api/pii/redact": {
|
||||
"post": {
|
||||
"description": "Runs the configured PII detectors over the text and applies each detector model's policy: masked spans are replaced with ` + "`" + `[REDACTED:\u003cid\u003e]` + "`" + `, allow spans pass through, and a single block action causes a 400 (type ` + "`" + `pii_blocked` + "`" + `) carrying the offending entities — the text is never returned in that case. Select detectors via ` + "`" + `detectors` + "`" + `, or a consuming ` + "`" + `model` + "`" + `'s effective policy (its own ` + "`" + `pii.detectors` + "`" + `, else the instance-wide ` + "`" + `pii_default_detectors` + "`" + `; PII must be enabled on the model). Records audit events (origin ` + "`" + `pii_redact` + "`" + `) visible at /api/pii/events.",
|
||||
"tags": [
|
||||
"pii"
|
||||
],
|
||||
"summary": "Redact PII in a string by applying the configured policy.",
|
||||
"parameters": [
|
||||
{
|
||||
"description": "text + detector selection",
|
||||
"name": "request",
|
||||
"in": "body",
|
||||
"required": true,
|
||||
"schema": {
|
||||
"type": "object",
|
||||
"additionalProperties": {
|
||||
"type": "string"
|
||||
}
|
||||
"$ref": "#/definitions/schema.PIIAnalyzeRequest"
|
||||
}
|
||||
}
|
||||
],
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "Redacted text + entities",
|
||||
"schema": {
|
||||
"$ref": "#/definitions/schema.PIIRedactResponse"
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -5893,45 +5907,66 @@ const docTemplate = `{
|
||||
}
|
||||
}
|
||||
},
|
||||
"schema.PIIDecideRequest": {
|
||||
"schema.PIIAnalyzeRequest": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"text": {
|
||||
"description": "Text is the user-visible content to inspect. Required.",
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"schema.PIIDecideResponse": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"findings": {
|
||||
"description": "Findings is one entry per matched span — pattern id, byte\nrange, and audit-safe hash prefix (never the matched value).",
|
||||
"detectors": {
|
||||
"description": "Detectors names the detector models to run (NER and/or pattern). Takes\nprecedence over Model.",
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/definitions/schema.PIIFinding"
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"redacted_preview": {
|
||||
"description": "RedactedPreview is the input with mask-action spans replaced\nby their placeholders. Identical to Text when no findings or\nwhen the strongest action is block/allow (which don't rewrite\ncontent).",
|
||||
"model": {
|
||||
"description": "Model is a consuming model whose effective PII policy (own\npii.detectors, else the instance default detectors; PII must be\nenabled) is used when Detectors is empty.",
|
||||
"type": "string"
|
||||
},
|
||||
"suggested_action": {
|
||||
"description": "SuggestedAction is the strongest action across all findings:\n\"block\", \"mask\", or \"allow\" (no findings, or all findings\nresolved to the allow action).",
|
||||
"reveal": {
|
||||
"description": "Reveal includes the per-entity hash_prefix in the response. Honoured\nonly for admin callers; ignored otherwise. The raw matched value is\nnever returned regardless.",
|
||||
"type": "boolean"
|
||||
},
|
||||
"text": {
|
||||
"description": "Text is the string to scan. Bounded only by the server's global HTTP\nbody limit.",
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"schema.PIIFinding": {
|
||||
"schema.PIIAnalyzeResponse": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"blocked": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"correlation_id": {
|
||||
"type": "string"
|
||||
},
|
||||
"entities": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/definitions/schema.PIIEntity"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"schema.PIIEntity": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"action": {
|
||||
"type": "string"
|
||||
},
|
||||
"end": {
|
||||
"type": "integer"
|
||||
},
|
||||
"entity_type": {
|
||||
"type": "string"
|
||||
},
|
||||
"hash_prefix": {
|
||||
"type": "string"
|
||||
},
|
||||
"pattern": {
|
||||
"score": {
|
||||
"type": "number"
|
||||
},
|
||||
"source": {
|
||||
"type": "string"
|
||||
},
|
||||
"start": {
|
||||
@@ -5939,6 +5974,29 @@ const docTemplate = `{
|
||||
}
|
||||
}
|
||||
},
|
||||
"schema.PIIRedactResponse": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"blocked": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"correlation_id": {
|
||||
"type": "string"
|
||||
},
|
||||
"entities": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/definitions/schema.PIIEntity"
|
||||
}
|
||||
},
|
||||
"masked": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"redacted_text": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
"schema.RouterDecideRequest": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
|
||||