PII Detection

Detects personally identifiable information in agent outputs using regex patterns. Scans for six built-in PII types — email addresses, phone numbers, SSNs, credit card numbers, dates of birth, and IP addresses — plus optional custom patterns. Supports an allow-redacted mode that ignores properly masked values.

Config

Field	Type	Required	Default	Description
`pii_types`	string[]	No	all types	PII types to check: `email`, `phone`, `ssn`, `credit_card`, `dob`, `ip_address`
`custom_patterns`	string[]	No	`[]`	Additional regex strings to match custom PII patterns
`check`	string	No	`output`	`input`, `output`, or `both`
`allow_redacted`	boolean	No	`false`	If true, redacted patterns like `*--1234` are not flagged

Use Cases

Data leakage prevention — Ensure agents never expose real email addresses, phone numbers, or SSNs in their responses to users.
GDPR / HIPAA compliance — Automatically flag outputs that contain personal data to meet privacy regulation requirements.
Redaction verification — Use allow_redacted: true to confirm that PII is properly masked (e.g. ***-**-1234) rather than exposed in full.
Custom identifiers — Add custom_patterns for domain-specific identifiers like employee IDs, account numbers, or medical record numbers.

Examples

Scan for all PII types

{
  "check": "output"
}
// Scans for email, phone, SSN, credit card, DOB, and IP address

Specific PII types only

{
  "pii_types": ["email", "ssn", "credit_card"],
  "check": "output"
}

Allow redacted values

{
  "pii_types": ["ssn"],
  "allow_redacted": true,
  "check": "output"
}
// "***-**-1234" → OK (redacted)
// "123-45-6789" → FAIL (exposed)

Custom patterns

{
  "pii_types": ["email"],
  "custom_patterns": ["MRN-\\d{8}", "EMP-[A-Z]{2}\\d{4}"],
  "check": "both"
}
// Also flags medical record numbers and employee IDs

Scoring

Each PII detection reduces the score by 0.2 from 1.0 (minimum 0.0). A score of 1.0 means no PII was detected (pass); any detection results in a fail. The reasoning field includes a breakdown by PII type with match counts (e.g. "email: 2, ssn: 1"). Invalid custom regex patterns are silently skipped.

Performance

Purely deterministic with no external API calls. Runs in under 1ms using regex pattern matching. Each built-in pattern is a single compiled regex. Custom patterns are compiled at evaluation time. Ideal for high-volume pipelines where every trace needs PII scanning without latency overhead.

Have questions? Join our community!

Connect with other developers and the 2Signal team.

Join Discord