nat.middleware.defense.defense_middleware_pii
PII Defense Middleware using Microsoft Presidio.
This middleware detects and anonymizes Personally Identifiable Information (PII) in function outputs using Microsoft Presidio.
Attributes
- logger
Classes
- PIIDefenseMiddlewareConfig: Configuration for PII Defense Middleware using Microsoft Presidio.
- PIIDefenseMiddleware: PII Defense Middleware using Microsoft Presidio.
Module Contents
- logger
- class PIIDefenseMiddlewareConfig
Bases: nat.middleware.defense.defense_middleware.DefenseMiddlewareConfig
Configuration for PII Defense Middleware using Microsoft Presidio.
Detects PII in function outputs using Presidio’s rule-based entity recognition (no LLM required).
See microsoft/presidio for more information about Presidio.
Actions:
  - ‘partial_compliance’: Detect and log PII, but allow content to pass through
  - ‘refusal’: Block content if PII detected (hard stop)
  - ‘redirection’: Replace PII with anonymized placeholders (e.g., <EMAIL_ADDRESS>)
- class PIIDefenseMiddleware(config: PIIDefenseMiddlewareConfig, builder)
Bases: nat.middleware.defense.defense_middleware.DefenseMiddleware
PII Defense Middleware using Microsoft Presidio.
Detects PII in function outputs using Presidio’s rule-based entity recognition.
See microsoft/presidio for more information about Presidio.
- Streaming Behavior:
For ‘refusal’ and ‘redirection’ actions, chunks are buffered and checked before yielding to prevent PII from being streamed to clients.
For ‘partial_compliance’ action, chunks are yielded immediately; violations are logged but content passes through.
- config: PIIDefenseMiddlewareConfig
- _analyzer = None
- _anonymizer = None
- _lazy_load_presidio()
Lazy load Presidio components when first needed.
- _analyze_content(text: str)
Analyze content for PII entities using Presidio.
- Args:
text: The text to analyze
- Returns:
PIIAnalysisResult with detection results and anonymized text.
- _process_pii_detection(value: Any, context: nat.middleware.middleware.FunctionMiddlewareContext)
Process PII detection and sanitization for a given value.
This is a common helper method that handles:
  - Field extraction (if target_field is specified)
  - PII analysis
  - Action handling (refusal, redirection, partial_compliance)
  - Applying sanitized value back to original structure
- Args:
value: The value to analyze.
context: Function context metadata.
- Returns:
The value after PII handling (may be unchanged, sanitized, or raise exception)
- _handle_threat(content: Any, analysis_result: nat.middleware.defense.defense_middleware_data_models.PIIAnalysisResult, context: nat.middleware.middleware.FunctionMiddlewareContext, entities_str: str)
Handle detected PII threat based on configured action.
- Args:
content: The content with PII
analysis_result: Detection result from Presidio
context: Function context
entities_str: String representation of detected entities
- Returns:
Handled content (anonymized, original, or raises exception for refusal)
- async post_invoke( ) → nat.middleware.middleware.InvocationContext | None
Detect and anonymize PII in function output after execution.
- Args:
context: Invocation context with function metadata and output.
- Returns:
Modified context if output was processed, None to pass through.
- async function_middleware_stream(*args: Any, call_next: nat.middleware.function_middleware.CallNextStream, context: nat.middleware.middleware.FunctionMiddlewareContext, **kwargs: Any)
Intercept streaming calls to detect and anonymize PII in inputs or outputs.
For ‘refusal’ and ‘redirection’ actions: Chunks are buffered and checked before yielding.
For ‘partial_compliance’ action: Chunks are yielded immediately; violations are logged.
- Args:
args: Positional arguments passed to the function (first arg is typically the input value).
call_next: Function to call the next middleware or the actual function.
context: Context containing function metadata.
kwargs: Keyword arguments passed to the function.
- Yields:
The function result chunks, with PII anonymized if action=‘redirection’.
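The buffering rule above matters because an entity can straddle chunk boundaries, so a per-chunk scan would miss it. The sketch below is an added example, not NAT's implementation: a single email regex stands in for Presidio, the names `handle`, `guarded_stream`, `PIIRefusal`, `source` and `run` are hypothetical, and scanning the accumulated text under ‘partial_compliance’ is an assumption.

```python
import asyncio
import re
from typing import AsyncIterator

# Stand-in detector (assumption): one email regex in place of Presidio's recognizers.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Constructed sample output: the address is split across chunk boundaries.
CHUNKS = ["Contact ali", "ce@exam", "ple.com for access."]


class PIIRefusal(Exception):
    """Hypothetical exception type raised for the 'refusal' action."""


def handle(text: str, action: str, log: list) -> str:
    """Apply one of the three documented actions to a complete piece of text."""
    found = EMAIL_RE.findall(text)
    if not found:
        return text
    log.append(f"PII detected: EMAIL_ADDRESS x{len(found)}")
    if action == "refusal":
        raise PIIRefusal("output blocked: PII detected")
    if action == "redirection":
        return EMAIL_RE.sub("<EMAIL_ADDRESS>", text)
    return text  # partial_compliance: logged, passed through unchanged


async def guarded_stream(chunks: AsyncIterator[str], action: str, log: list):
    if action == "partial_compliance":
        seen = ""
        async for chunk in chunks:
            yield chunk  # already on its way to the client; detection can only log
            seen += chunk
        handle(seen, action, log)
        return
    # refusal / redirection: nothing is yielded until the whole output is checked
    buffered = "".join([c async for c in chunks])
    yield handle(buffered, action, log)


async def source() -> AsyncIterator[str]:
    for chunk in CHUNKS:
        yield chunk


def run(action: str):
    # Drive the stream to completion; returns (chunks seen by the client, log lines).
    log: list = []
    async def collect():
        return [c async for c in guarded_stream(source(), action, log)]
    return asyncio.run(collect()), log
```

With ‘redirection’ the client receives one sanitized chunk; with ‘partial_compliance’ it receives the three original chunks and the detection appears only in the log.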