PII Guard Node
The PII Guard Node is designed to detect and mask Personally Identifiable Information (PII) within raw text, ensuring sensitive data is anonymized before further processing, storage, or transmission. This document details its technical specifications, including input/output data contracts, configuration, and error handling.
Purpose and How the Node Works
The PII Guard node detects and masks standard PII patterns (email addresses, phone numbers, SSNs) in raw text.
Input Resolution:
$input: Output of the previous node.
$secret: Vault secrets (though not typically used directly for PII Guard input).
Example Reference: https://api.example.com/users/$input.text
Request/Processing:
Accepts raw text or JSON-stringified input containing free-form content.
Identifies standard PII patterns:
Email: Replaced with [EMAIL]
SSN: Replaced with [SSN]
Phone numbers: Replaced with [PHONE]
Returns the input text with PII placeholders inserted.
Execution Model: Blocking – the node completes processing before the workflow proceeds.
Response Handling:
Success: Returns maskedData containing the redacted text.
Failure: Returns an appropriate error message and statusCode.
Configuration Schema
The PII Guard Node has minimal configuration, primarily focusing on the input text.
Field
Type
Required
Description
input
any
✅
Free-form text to be scanned and masked.
name
string
Optional
Optional name for the PII guard node instance.
description
string
Optional
Optional description of what the node is doing.
Output Schema
The node's output port (piiMaskedResult) will always conform to the following schema:
maskedData
any
✅
Redacted input with PII replaced by placeholders.
error
string
No
Error message if processing failed; null on success.
statusCode
number
✅
HTTP-like status code (200 for success, 400/500 for error).
Examples
Success Example
Configuration:
JSON
{
"input": "Hello, this is Michael. My SSN is 123-45-6789 and my email is [email protected]. Please call me at (555) 123-4567 or +1-800-555-1212."
}
Output:
JSON
{
"maskedData": "Hello, this is Michael. My SSN is [SSN] and my email is [EMAIL]. Please call me at [PHONE] or [PHONE].",
"error": null,
"statusCode": 200
}
Failure Example (Invalid Input)
Configuration:
JSON
{
"input": null
}
Output:
JSON
{
"maskedData": null,
"error": "Invalid input: expected non-empty string.",
"statusCode": 400
}
Single-Node Test API
For testing a node in isolation (e.g., via the UI "Test" button or a dedicated API), the following endpoint is used:
Path: /skill-runtime/workflows/nodes/PIIGuard/execute
Method: POST
Purpose: Execute one node in isolation.
Request Body:
JSON
{
"config": {
"input": "I am John. Email: [email protected]. SSN: 123-45-6789"
},
"input": {}
}
Error Handling
Invalid input
400
Null or undefined input.
Masking failed due to exception
500
Internal error during processing.
Security Notes
No $secret usage is required for this node.
Ensure logging and debugging tools do not log unmasked input. The node itself performs masking in-memory before passing data to the next stage.
Masking is done in-memory; no unmasked data is persisted by the node itself.
Last updated