The PII filter scans LLM responses flowing through the MeshAI proxy for personally identifiable information. You choose how PII is handled: block the response entirely, redact PII inline, or allow it through with logging. It is configured as a standard governance policy.

Supported PII Types

| PII Type | Pattern | Redacted As |
|---|---|---|
| email | Email addresses | [EMAIL_REDACTED] |
| phone | Phone numbers (international formats) | [PHONE_REDACTED] |
| ssn | US Social Security Numbers | [SSN_REDACTED] |
| credit_card | Credit/debit card numbers (Luhn-validated) | [CREDIT_CARD_REDACTED] |
| ip_address | IPv4 and IPv6 addresses | [IP_REDACTED] |
| passport | Passport numbers (common formats) | [PASSPORT_REDACTED] |
| iban | International Bank Account Numbers | [IBAN_REDACTED] |
| date_of_birth | Date of birth patterns | [DOB_REDACTED] |

Three Modes

| Mode | Behavior | HTTP Status |
|---|---|---|
| block | Reject the entire response if any PII is found | 403 |
| redact | Replace PII with placeholder tokens and return the modified response | 200 |
| allow | Pass the response through unchanged, but log PII occurrences | 200 |

Configure via Policy

Create a pii_filter policy to enable PII detection:
curl -X POST https://api.meshai.dev/governance/policies \
  -H "Authorization: Bearer msh_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "redact-pii-in-responses",
    "policy_type": "pii_filter",
    "config": {
      "mode": "redact",
      "pii_types": ["email", "ssn", "credit_card", "phone"]
    },
    "scope": "global",
    "enabled": true
  }'
Response:
{
  "success": true,
  "data": {
    "id": "pol_pii_001",
    "name": "redact-pii-in-responses",
    "policy_type": "pii_filter",
    "config": {
      "mode": "redact",
      "pii_types": ["email", "ssn", "credit_card", "phone"]
    },
    "scope": "global",
    "enabled": true,
    "created_at": "2026-03-18T10:00:00Z"
  }
}

Mode Examples

Block Mode

Block any response containing PII. The agent receives a 403:
curl -X POST https://api.meshai.dev/governance/policies \
  -H "Authorization: Bearer msh_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "block-all-pii",
    "policy_type": "pii_filter",
    "config": {
      "mode": "block",
      "pii_types": ["email", "ssn", "credit_card", "phone", "ip_address", "passport", "iban"]
    },
    "scope": "global",
    "enabled": true
  }'
The agent sees:
{
  "error": "Policy violation: pii_filter — response blocked due to detected PII (email, ssn)",
  "policy_id": "pol_pii_001",
  "status": 403
}

Redact Mode

PII is replaced inline before the response reaches the agent.
Original LLM response:
Please contact John at john.doe@example.com or call 555-123-4567.
After redaction:
Please contact John at [EMAIL_REDACTED] or call [PHONE_REDACTED].

Allow Mode

The response passes through unchanged. PII occurrences are logged in the audit trail for review:
curl -X POST https://api.meshai.dev/governance/policies \
  -H "Authorization: Bearer msh_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "log-pii-only",
    "policy_type": "pii_filter",
    "config": {
      "mode": "allow",
      "pii_types": ["email", "ssn", "credit_card"]
    },
    "scope": "global",
    "enabled": true
  }'

Selective PII Types

You control exactly which PII types to scan for. Only the types listed in pii_types are checked — unlisted types are ignored:
{
  "mode": "redact",
  "pii_types": ["email", "ssn"]
}
This configuration redacts emails and SSNs but allows phone numbers, credit cards, and other PII through unchanged.
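
The sketch below is an added example, not MeshAI's code: it models how the three modes and the pii_types list interact on one response body, including the Luhn check that keeps an arbitrary digit run from being treated as a card number. The regular expressions, function names and sample text are assumptions made for illustration; only the placeholder tokens, mode names and status codes come from this page.

```python
import re

# Assumed patterns for illustration only; the proxy's real detectors are not
# shown on this page. Tokens match the "Redacted As" column above.
PATTERNS = {
    "email": (re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), "[EMAIL_REDACTED]"),
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN_REDACTED]"),
    "credit_card": (re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), "[CREDIT_CARD_REDACTED]"),
}


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def apply_policy(text: str, mode: str, pii_types: list[str]):
    """Return (http_status, body, types_found) for one response body."""
    found = []
    redacted = text
    for pii_type in pii_types:          # unlisted types are never scanned
        pattern, token = PATTERNS[pii_type]

        def replace(match, pii_type=pii_type, token=token):
            if pii_type == "credit_card" and not luhn_ok(match.group()):
                return match.group()    # digit run fails Luhn: not a card
            if pii_type not in found:
                found.append(pii_type)
            return token

        redacted = pattern.sub(replace, redacted)
    if mode == "block" and found:
        return 403, None, found         # whole response rejected
    if mode == "redact":
        return 200, redacted, found
    return 200, text, found             # allow: unchanged, caller logs `found`


# Constructed sample: 4111 1111 1111 1111 is a common test number that passes
# Luhn; 1234 5678 9012 3456 has the same shape but fails the checksum.
SAMPLE = ("Mail john.doe@example.com, SSN 123-45-6789, "
          "card 4111 1111 1111 1111, order 1234 5678 9012 3456.")
```

Running the same sample through each mode and through a narrower pii_types list gives a quick fixture for checking that a deployed policy behaves the way its configuration implies.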

Audit Trail

Every PII detection event is logged:
| Event Type | Description |
|---|---|
| pii.detected | PII found in response (includes types found, mode, and action taken) |
| policy.violated | Response blocked due to PII (block mode only) |
Query PII-related audit events:
curl "https://api.meshai.dev/governance/audit-trail?event_type=pii.detected" \
  -H "Authorization: Bearer msh_YOUR_API_KEY"

Enforcement Architecture

  • Scan path: The proxy scans the LLM response body after receiving it from the provider and before returning it to the agent.
  • Latency: PII scanning adds < 5ms overhead per response.
  • Streaming: For streaming responses, PII detection runs on buffered chunks.
  • Fail-open: If the scanner errors, the response proceeds unchanged (logged as a warning), so any PII in that response is neither blocked nor redacted.