promptphp/intercept-pii-redactor
================================

PII redaction middleware for Laravel AI agents.

Version v0.1.0 · MIT license · PHP ^8.4

[Source](https://github.com/promptphp/intercept-pii-redactor) · [Packagist](https://packagist.org/packages/promptphp/intercept-pii-redactor) · [Docs](https://intercept.promptphp.com)

`PIIRedactor` is a Laravel AI SDK agent middleware that detects and handles sensitive personal or secret-like data before an agent prompt reaches the AI provider.

It can redact, mask, log, block, or fully delegate handling to a custom callback.

> This middleware is a deterministic, regex-based PII guard. It is designed to catch common structured sensitive data, not to guarantee complete detection of every possible personal identifier.

Features
--------

- Detects common structured PII and secret-like values.
- Supports email, phone, credit card, IP address, API key, and bearer token detection.
- Redacts values with stable placeholders such as `[EMAIL_1]`.
- Masks values for safer user-facing visibility.
- Blocks high-risk entities by default.
- Supports allowed email addresses and allowed domains.
- Logs safely using hashes by default.
- Supports optional prompt previews in logs.
- Supports global Intercept config with per-agent constructor overrides.
- Supports fully custom detection handling with a callback.

Supported actions
-----------------

| Action | Behaviour |
| --- | --- |
| `redact` | Replaces detected values with placeholders. |
| `mask` | Partially masks detected values. |
| `log` | Logs detections and continues unchanged. |
| `block` | Throws a `PIIRedactorException` and stops the prompt. |

The recommended default action is `redact`.

Some entities can still be blocked even when the action is `redact`. By default, credit cards, API keys, and bearer tokens are blocked.

Supported entities
------------------

| Entity | Description |
| --- | --- |
| `email` | Email addresses such as `victor@example.com`. |
| `phone` | Common phone number formats. |
| `credit_card` | Credit card-like numbers validated with Luhn. |
| `ip_address` | IPv4 addresses. |
| `api_key` | Common API key formats. |
| `bearer_token` | Bearer authorization tokens. |

Names, addresses, passports, national insurance numbers, and medical identifiers are not included in the current version, as they are harder to detect safely with regex alone and can create a lot of false positives.

Configuration
-------------

No configuration is required. The middleware works out of the box using safe internal defaults.

```
new PIIRedactor()
```

By default, this will:

- use the `redact` action
- detect email, phone, credit card, IP address, API key, and bearer token values
- block credit cards, API keys, and bearer tokens
- redact lower-risk values such as emails, phone numbers, and IP addresses
- avoid logging raw detected values
- avoid logging prompt previews
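
A stand-alone illustration of the redact-and-block defaults listed above, added here and not taken from the package's code. The function names `luhnValid` and `guardPrompt`, the regexes, the `[IP_ADDRESS_n]` label, and the use of `RuntimeException` in place of `PIIRedactorException` are all assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: Luhn checksum over a string of digits.
function luhnValid(string $digits): bool
{
    $sum = 0;
    for ($i = strlen($digits) - 1, $double = false; $i >= 0; $i--, $double = !$double) {
        $d = (int) $digits[$i] * ($double ? 2 : 1);
        $sum += $d > 9 ? $d - 9 : $d;
    }
    return $sum % 10 === 0;
}

// Hypothetical guard: blocks Luhn-valid card numbers, then redacts emails and
// IPv4 addresses with stable placeholders (same value -> same placeholder).
function guardPrompt(string $prompt): string
{
    // Card-like candidates: 13-19 digits, optionally separated by space or hyphen.
    preg_match_all('/\b\d(?:[ -]?\d){12,18}\b/', $prompt, $cards);
    foreach ($cards[0] as $candidate) {
        // Luhn filters out order numbers and other long digit runs.
        if (luhnValid((string) preg_replace('/\D/', '', $candidate))) {
            throw new RuntimeException('Prompt blocked: credit_card detected');
        }
    }

    $patterns = [
        'EMAIL' => '/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/',
        // Placeholder label for IPs is assumed; the page only shows [EMAIL_1].
        'IP_ADDRESS' => '/\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/',
    ];
    foreach ($patterns as $label => $regex) {
        $seen = []; // value => index, so repeats reuse the same placeholder
        $prompt = preg_replace_callback($regex, function (array $m) use (&$seen, $label): string {
            if (!isset($seen[$m[0]])) {
                $seen[$m[0]] = count($seen) + 1;
            }
            return '[' . $label . '_' . $seen[$m[0]] . ']';
        }, $prompt);
    }
    return $prompt;
}

// Constructed sample input: a repeated email, a second email, and an IPv4 address.
echo guardPrompt('Mail victor@example.com from 10.0.0.5; cc victor@example.com, ops@example.org'), PHP_EOL;
// 4111 1111 1111 1111 is a widely used Luhn-valid test number (constructed input).
try { guardPrompt('Card 4111 1111 1111 1111'); } catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
```

Running the card check before any replacement means a blocked prompt is never partially rewritten and forwarded.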

### Optional global config

Intercept supports an optional shared config file:

```
config/intercept.php

```

This config file is used for global middleware defaults across the Intercept package.

You may publish it with:

```
php artisan vendor:publish --tag=intercept-config
```

### Configuration priority

Configuration is resolved in this order:

```
constructor value > config value > internal middleware default

```

That means a constructor value always wins over the published config.

For example, if your config says:

```
'pii_redactor' => [
    'action' => 'redact',
],
```

You can still override it for a specific agent:

```
public function middleware(): array
{
    return [
        new PIIRedactor(
            action: 'log',
            blockEntities: [],
        ),
    ];
}
```

In this case, the middleware will use `log` for that agent, even though the global config says `redact`.

### Partial config is supported

You do not need to define every option in `config/intercept.php`.

For example, this is valid:

```
'pii_redactor' => [
    'action' => 'mask',
],
```

All missing options will fall back to the middleware's internal defaults.

Usage
-----

Simply register and use the middleware on a Laravel AI agent.

```
