Documentation Index
Fetch the complete documentation index at: https://docs.meshai.dev/llms.txt
Use this file to discover all available pages before exploring further.
The PII filter scans LLM responses flowing through the MeshAI proxy for personally identifiable information. You choose how PII is handled: block the response entirely, redact PII inline, or allow it through with logging. Configured as a standard governance policy.
Supported PII Types
| PII Type | Pattern | Redacted As |
|---|
email | Email addresses | [EMAIL_REDACTED] |
phone | Phone numbers (international formats) | [PHONE_REDACTED] |
ssn | US Social Security Numbers | [SSN_REDACTED] |
credit_card | Credit/debit card numbers (Luhn-validated) | [CREDIT_CARD_REDACTED] |
ip_address | IPv4 and IPv6 addresses | [IP_REDACTED] |
passport | Passport numbers (common formats) | [PASSPORT_REDACTED] |
iban | International Bank Account Numbers | [IBAN_REDACTED] |
date_of_birth | Date of birth patterns | [DOB_REDACTED] |
Three Modes
| Mode | Behavior | HTTP Status |
|---|
block | Reject the entire response if any PII is found | 403 |
redact | Replace PII with placeholder tokens and return the modified response | 200 |
allow | Pass the response through unchanged, but log PII occurrences | 200 |
pii_filter policy to enable PII detection:
curl -X POST https://api.meshai.dev/governance/policies \
-H "Authorization: Bearer msh_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "redact-pii-in-responses",
"policy_type": "pii_filter",
"config": {
"mode": "redact",
"pii_types": ["email", "ssn", "credit_card", "phone"]
},
"scope": "global",
"enabled": true
}'
{
"success": true,
"data": {
"id": "pol_pii_001",
"name": "redact-pii-in-responses",
"policy_type": "pii_filter",
"config": {
"mode": "redact",
"pii_types": ["email", "ssn", "credit_card", "phone"]
},
"scope": "global",
"enabled": true,
"created_at": "2026-03-18T10:00:00Z"
}
}
Mode Examples
Block Mode
Block any response containing PII. The agent receives a 403:
curl -X POST https://api.meshai.dev/governance/policies \
-H "Authorization: Bearer msh_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "block-all-pii",
"policy_type": "pii_filter",
"config": {
"mode": "block",
"pii_types": ["email", "ssn", "credit_card", "phone", "ip_address", "passport", "iban"]
},
"scope": "global",
"enabled": true
}'
{
"error": "Policy violation: pii_filter — response blocked due to detected PII (email, ssn)",
"policy_id": "pol_pii_001",
"status": 403
}
Redact Mode
PII is replaced inline before the response reaches the agent:
Original LLM response:
Please contact John at john.doe@example.com or call 555-123-4567.
After redaction:
Please contact John at [EMAIL_REDACTED] or call [PHONE_REDACTED].
Allow Mode
The response passes through unchanged. PII occurrences are logged in the audit trail for review:
curl -X POST https://api.meshai.dev/governance/policies \
-H "Authorization: Bearer msh_YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "log-pii-only",
"policy_type": "pii_filter",
"config": {
"mode": "allow",
"pii_types": ["email", "ssn", "credit_card"]
},
"scope": "global",
"enabled": true
}'
Selective PII Types
You control exactly which PII types to scan for. Only the types listed in pii_types are checked — unlisted types are ignored:
{
"mode": "redact",
"pii_types": ["email", "ssn"]
}
Audit Trail
Every PII detection event is logged:
| Event Type | Description |
|---|
pii.detected | PII found in response (includes types found, mode, and action taken) |
policy.violated | Response blocked due to PII (block mode only) |
curl "https://api.meshai.dev/governance/audit-trail?event_type=pii.detected" \
-H "Authorization: Bearer msh_YOUR_API_KEY"
Enforcement Architecture
- Scan path: Proxy scans LLM response body after receiving it from the provider, before returning to the agent.
- Latency: PII scanning adds < 5ms overhead per response.
- Streaming: For streaming responses, PII detection runs on buffered chunks.
- Fail-open: If the scanner errors, the response proceeds unchanged (logged as a warning).
