rehydra 0.1.0

package/dist/recognizers/registry.js

@@ -0,0 +1,113 @@
+/**
+ * Recognizer Registry
+ * Central registry for all PII recognizers
+ */
+/**
+ * Registry for managing PII recognizers
+ */
+export class RecognizerRegistry {
+    recognizers = new Map();
+    /**
+     * Registers a recognizer for a PII type
+     */
+    register(recognizer) {
+        const existing = this.recognizers.get(recognizer.type) ?? [];
+        existing.push(recognizer);
+        this.recognizers.set(recognizer.type, existing);
+    }
+    /**
+     * Registers multiple recognizers
+     */
+    registerAll(recognizers) {
+        for (const recognizer of recognizers) {
+            this.register(recognizer);
+        }
+    }
+    /**
+     * Gets all recognizers for a specific type
+     */
+    getRecognizers(type) {
+        return this.recognizers.get(type) ?? [];
+    }
+    /**
+     * Gets all registered recognizers
+     */
+    getAllRecognizers() {
+        const all = [];
+        for (const recognizers of this.recognizers.values()) {
+            all.push(...recognizers);
+        }
+        return all;
+    }
+    /**
+     * Gets all registered PII types
+     */
+    getRegisteredTypes() {
+        return Array.from(this.recognizers.keys());
+    }
+    /**
+     * Checks if a recognizer is registered for a type
+     */
+    hasRecognizer(type) {
+        const recognizers = this.recognizers.get(type);
+        return recognizers !== undefined && recognizers.length > 0;
+    }
+    /**
+     * Removes all recognizers for a type
+     */
+    unregister(type) {
+        this.recognizers.delete(type);
+    }
+    /**
+     * Clears all recognizers
+     */
+    clear() {
+        this.recognizers.clear();
+    }
+    /**
+     * Runs all enabled recognizers on text and returns matches
+     * @param text - Text to analyze
+     * @param policy - Anonymization policy to determine which types to detect
+     */
+    findAll(text, policy) {
+        const matches = [];
+        for (const [type, recognizers] of this.recognizers) {
+            // Skip types not enabled in policy
+            if (!policy.enabledTypes.has(type) || !policy.regexEnabledTypes.has(type)) {
+                continue;
+            }
+            // Get confidence threshold for this type
+            const threshold = policy.confidenceThresholds.get(type) ?? 0.5;
+            for (const recognizer of recognizers) {
+                const typeMatches = recognizer.find(text);
+                // Filter by confidence threshold
+                for (const match of typeMatches) {
+                    if (match.confidence >= threshold) {
+                        matches.push(match);
+                    }
+                }
+            }
+        }
+        return matches;
+    }
+}
+/**
+ * Global singleton registry instance
+ */
+let globalRegistry = null;
+/**
+ * Gets the global recognizer registry (singleton)
+ */
+export function getGlobalRegistry() {
+    if (globalRegistry === null) {
+        globalRegistry = new RecognizerRegistry();
+    }
+    return globalRegistry;
+}
+/**
+ * Creates a new isolated registry (useful for testing)
+ */
+export function createRegistry() {
+    return new RecognizerRegistry();
+}
+//# sourceMappingURL=registry.js.map

package/dist/recognizers/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/recognizers/registry.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH;;GAEG;AACH,MAAM,OAAO,kBAAkB;IACrB,WAAW,GAA+B,IAAI,GAAG,EAAE,CAAC;IAE5D;;OAEG;IACH,QAAQ,CAAC,UAAsB;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC7D,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC1B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,WAAyB;QACnC,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,IAAa;QAC1B,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,MAAM,GAAG,GAAiB,EAAE,CAAC;QAC7B,KAAK,MAAM,WAAW,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YACpD,GAAG,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAa;QACzB,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/C,OAAO,WAAW,KAAK,SAAS,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,IAAa;QACtB,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,OAAO,CAAC,IAAY,EAAE,MAA2B;QAC/C,MAAM,OAAO,GAAgB,EAAE,CAAC;QAEhC,KAAK,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACnD,mCAAmC;YACnC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1E,SAAS;YACX,CAAC;YAED,yCAAyC;YACzC,MAAM,SAAS,GAAG,MAAM,CAAC,oBAAoB,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC;YAE/D,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;gBACrC,MAAM,WAAW,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAE1C,iCAAiC;gBACjC,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;oBAChC,IAAI,KAAK,CAAC,UAAU,IAAI,SAAS,EAAE,CAAC;wBAClC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;oBACtB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED;;GAEG;AACH,IAAI,cAAc,GAA8B,IAAI,CAAC;AAErD;;GAEG;AACH,MAAM,UAAU,iBAAiB;IAC/B,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAC5B,cAAc,GAAG,IAAI,kBAAkB,EAAE,CAAC;IAC5C,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc;IAC5B,OAAO,IAAI,kBAAkB,EAAE,CAAC;AAClC,CAAC"}

package/dist/recognizers/url.d.ts

@@ -0,0 +1,14 @@
+/**
+ * URL Recognizer
+ * Detects URLs with various protocols
+ */
+import type { Recognizer } from './base.js';
+/**
+ * URL recognizer
+ */
+export declare const urlRecognizer: Recognizer;
+/**
+ * Extracts the domain from a URL
+ */
+export declare function extractDomain(url: string): string | null;
+//# sourceMappingURL=url.d.ts.map

package/dist/recognizers/url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"url.d.ts","sourceRoot":"","sources":["../../src/recognizers/url.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAoB5C;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE,UA6D3B,CAAC;AA4BF;;GAEG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAgBxD"}

package/dist/recognizers/url.js

@@ -0,0 +1,121 @@
+/**
+ * URL Recognizer
+ * Detects URLs with various protocols
+ */
+import { PIIType, DetectionSource } from '../types/index.js';
+/**
+ * URL pattern - matches common URL formats
+ * Supports: http, https, ftp, mailto, file protocols
+ */
+const URL_PATTERN = /\b(?:https?|ftp|file):\/\/[-A-Za-z0-9+&@#/%?=~_|!:,.;]*[-A-Za-z0-9+&@#/%=~_|]/g;
+/**
+ * Pattern for URLs without explicit protocol (www.)
+ */
+const WWW_PATTERN = /\bwww\.[-A-Za-z0-9+&@#/%?=~_|!:,.;]*[-A-Za-z0-9+&@#/%=~_|]/g;
+/**
+ * Pattern for mailto: URLs
+ */
+const MAILTO_PATTERN = /\bmailto:[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g;
+/**
+ * URL recognizer
+ */
+export const urlRecognizer = {
+    type: PIIType.URL,
+    name: 'URL',
+    defaultConfidence: 0.92,
+    find(text) {
+        const matches = [];
+        const seen = new Set();
+        const patterns = [URL_PATTERN, WWW_PATTERN, MAILTO_PATTERN];
+        for (const pattern of patterns) {
+            const globalPattern = new RegExp(pattern.source, 'g');
+            for (const match of text.matchAll(globalPattern)) {
+                if (match.index === undefined)
+                    continue;
+                const url = match[0];
+                const key = `${match.index}:${match.index + url.length}`;
+                if (seen.has(key))
+                    continue;
+                if (!this.validate(url))
+                    continue;
+                seen.add(key);
+                matches.push({
+                    type: PIIType.URL,
+                    start: match.index,
+                    end: match.index + url.length,
+                    confidence: this.defaultConfidence,
+                    source: DetectionSource.REGEX,
+                    text: url,
+                });
+            }
+        }
+        // Remove overlapping matches (www. might be substring of http://www.)
+        return deduplicateOverlapping(matches);
+    },
+    validate(url) {
+        // Basic length check
+        if (url.length < 5)
+            return false;
+        // Should have at least one dot after the protocol
+        const withoutProtocol = url.replace(/^(?:https?|ftp|file|mailto):\/\/?/, '');
+        if (!withoutProtocol.includes('.'))
+            return false;
+        // TLD should be at least 2 characters
+        const parts = withoutProtocol.split('.');
+        const tld = parts[parts.length - 1];
+        if (tld === undefined)
+            return false;
+        // Remove any path/query from TLD
+        const cleanTld = tld.split(/[/?#]/)[0];
+        if (cleanTld === undefined || cleanTld.length < 2)
+            return false;
+        return true;
+    },
+    normalize(url) {
+        return url.trim();
+    },
+};
+/**
+ * Remove overlapping matches
+ */
+function deduplicateOverlapping(matches) {
+    if (matches.length <= 1)
+        return matches;
+    const sorted = [...matches].sort((a, b) => a.start - b.start);
+    const result = [];
+    for (const match of sorted) {
+        const last = result[result.length - 1];
+        if (last !== undefined && match.start < last.end) {
+            // Overlapping - keep the longer one
+            if (match.end > last.end) {
+                result.pop();
+                result.push(match);
+            }
+        }
+        else {
+            result.push(match);
+        }
+    }
+    return result;
+}
+/**
+ * Extracts the domain from a URL
+ */
+export function extractDomain(url) {
+    try {
+        // Add protocol if missing for URL parsing
+        let normalizedUrl = url;
+        if (url.startsWith('www.')) {
+            normalizedUrl = 'https://' + url;
+        }
+        if (!normalizedUrl.includes('://')) {
+            normalizedUrl = 'https://' + normalizedUrl;
+        }
+        const parsed = new URL(normalizedUrl);
+        return parsed.hostname;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=url.js.map

package/dist/recognizers/url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url.js","sourceRoot":"","sources":["../../src/recognizers/url.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,EAAa,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAGxE;;;GAGG;AACH,MAAM,WAAW,GACf,gFAAgF,CAAC;AAEnF;;GAEG;AACH,MAAM,WAAW,GAAG,6DAA6D,CAAC;AAElF;;GAEG;AACH,MAAM,cAAc,GAClB,0DAA0D,CAAC;AAE7D;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAe;IACvC,IAAI,EAAE,OAAO,CAAC,GAAG;IACjB,IAAI,EAAE,KAAK;IACX,iBAAiB,EAAE,IAAI;IAEvB,IAAI,CAAC,IAAY;QACf,MAAM,OAAO,GAAgB,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAE/B,MAAM,QAAQ,GAAG,CAAC,WAAW,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC;QAE5D,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAEtD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACjD,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS;oBAAE,SAAS;gBAExC,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBACrB,MAAM,GAAG,GAAG,GAAG,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC;gBAEzD,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAC5B,IAAI,CAAC,IAAI,CAAC,QAAS,CAAC,GAAG,CAAC;oBAAE,SAAS;gBAEnC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACd,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO,CAAC,GAAG;oBACjB,KAAK,EAAE,KAAK,CAAC,KAAK;oBAClB,GAAG,EAAE,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,MAAM;oBAC7B,UAAU,EAAE,IAAI,CAAC,iBAAiB;oBAClC,MAAM,EAAE,eAAe,CAAC,KAAK;oBAC7B,IAAI,EAAE,GAAG;iBACV,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,sEAAsE;QACtE,OAAO,sBAAsB,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED,QAAQ,CAAC,GAAW;QAClB,qBAAqB;QACrB,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAEjC,kDAAkD;QAClD,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,mCAAmC,EAAE,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAEjD,sCAAsC;QACtC,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACpC,IAAI,GAAG,KAAK,SAAS;YAAE,OAAO,KAAK,CAAC;QACpC,iCAAiC;QACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAEhE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,SAAS,CAAC,GAAW;QACnB,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,SAAS,sBAAsB,CAAC,OAAoB;IAClD,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,OAAO,CAAC;IAExC,MAAM,MAAM,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAgB,EAAE,CAAC;IAE/B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEvC,IAAI,IAAI,KAAK,SAAS,IAAI,KAAK,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACjD,oCAAoC;YACpC,IAAI,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACzB,MAAM,CAAC,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACrB,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,GAAW;IACvC,IAAI,CAAC;QACH,0CAA0C;QAC1C,IAAI,aAAa,GAAG,GAAG,CAAC;QACxB,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,aAAa,GAAG,UAAU,GAAG,GAAG,CAAC;QACnC,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACnC,aAAa,GAAG,UAAU,GAAG,aAAa,CAAC;QAC7C,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;QACtC,OAAO,MAAM,CAAC,QAAQ,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/types/index.d.ts

@@ -0,0 +1,197 @@
+import { PIIType } from "./pii-types.js";
+export * from "./pii-types.js";
+/**
+ * Source of entity detection
+ */
+export declare enum DetectionSource {
+    REGEX = "REGEX",
+    NER = "NER",
+    HYBRID = "HYBRID"
+}
+/**
+ * Gender attribute for PERSON entities
+ * Used to preserve grammatical agreement during machine translation
+ */
+export type PersonGender = "male" | "female" | "neutral" | "unknown";
+/**
+ * Scope attribute for LOCATION entities
+ * Helps MT engines select correct prepositions (e.g., "in Berlin" vs "in Germany")
+ */
+export type LocationScope = "city" | "country" | "region" | "unknown";
+/**
+ * Semantic attributes for PII entities
+ * These attributes help preserve linguistic context during translation
+ */
+export interface SemanticAttributes {
+    /** Gender for PERSON entities */
+    gender?: PersonGender;
+    /** Geographic scope for LOCATION entities */
+    scope?: LocationScope;
+    /** Honorific title extracted from PERSON entities (e.g., "Dr.", "Mrs.") */
+    title?: string;
+}
+/**
+ * Progress callback for semantic data downloads
+ */
+export type SemanticDownloadProgressCallback = (progress: {
+    file: string;
+    bytesDownloaded: number;
+    totalBytes: number | null;
+    percent: number | null;
+}) => void;
+/**
+ * Semantic enrichment configuration
+ * Controls automatic downloading and loading of semantic data for MT-friendly PII tags
+ */
+export interface SemanticConfig {
+    /**
+     * Whether to enable semantic masking (adds gender/scope attributes to PII tags)
+     * @default false
+     */
+    enabled: boolean;
+    /**
+     * Whether to auto-download semantic data if not present
+     * Data files include name-gender mappings (~40K names) and location data (~25K cities)
+     * Total download size: ~4 MB
+     * @default true when enabled is true
+     */
+    autoDownload?: boolean;
+    /**
+     * Callback for download progress
+     */
+    onDownloadProgress?: SemanticDownloadProgressCallback;
+    /**
+     * Callback for status messages
+     */
+    onStatus?: (status: string) => void;
+}
+/**
+ * A detected PII entity with its position and metadata
+ */
+export interface DetectedEntity {
+    /** PII category */
+    type: PIIType;
+    /** Unique identifier within the document (1-based, monotonically increasing) */
+    id: number;
+    /** Start character offset in original text (0-based, inclusive) */
+    start: number;
+    /** End character offset in original text (0-based, exclusive) */
+    end: number;
+    /** Detection confidence score (0.0 to 1.0) */
+    confidence: number;
+    /** How this entity was detected */
+    source: DetectionSource;
+    /** Original text (only stored in encrypted pii_map, never logged) */
+    original: string;
+    /** Semantic attributes for MT-friendly tags (gender, scope, etc.) */
+    semantic?: SemanticAttributes;
+}
+/**
+ * A span match from a recognizer (before ID assignment)
+ */
+export interface SpanMatch {
+    /** PII category */
+    type: PIIType;
+    /** Start character offset (0-based, inclusive) */
+    start: number;
+    /** End character offset (0-based, exclusive) */
+    end: number;
+    /** Detection confidence score (0.0 to 1.0) */
+    confidence: number;
+    /** How this span was detected */
+    source: DetectionSource;
+    /** The matched text */
+    text: string;
+    /** Semantic attributes for MT-friendly tags (gender, scope, etc.) */
+    semantic?: SemanticAttributes;
+}
+/**
+ * Custom ID pattern configuration
+ */
+export interface CustomIdPattern {
+    /** Pattern name for identification */
+    name: string;
+    /** Regular expression pattern */
+    pattern: RegExp;
+    /** PII type to assign (typically CASE_ID or CUSTOMER_ID) */
+    type: PIIType;
+    /** Optional validation function */
+    validate?: (match: string) => boolean;
+}
+/**
+ * Anonymization policy configuration
+ */
+export interface AnonymizationPolicy {
+    /** Set of PII types to detect (both regex and NER) */
+    enabledTypes: Set<PIIType>;
+    /** Set of PII types to detect via regex */
+    regexEnabledTypes: Set<PIIType>;
+    /** Set of PII types to detect via NER */
+    nerEnabledTypes: Set<PIIType>;
+    /** Priority order for resolving overlapping entities (higher index = higher priority) */
+    typePriority: PIIType[];
+    /** Minimum confidence thresholds per type (default: 0.5) */
+    confidenceThresholds: Map<PIIType, number>;
+    /** Custom ID patterns for domain-specific identifiers */
+    customIdPatterns: CustomIdPattern[];
+    /** Terms that should not be treated as PII (case-insensitive) */
+    allowlistTerms: Set<string>;
+    /** Terms that should always be treated as PII */
+    denylistPatterns: RegExp[];
+    /** Whether to reuse IDs for identical repeated PII strings */
+    reuseIdsForRepeatedPII: boolean;
+    /** Whether to run leak scan on anonymized output */
+    enableLeakScan: boolean;
+    /** Enable semantic attribute enrichment for MT-friendly tags (gender, location scope) */
+    enableSemanticMasking: boolean;
+}
+/**
+ * Encrypted PII map entry
+ */
+export interface EncryptedPIIMap {
+    /** AES-256-GCM encrypted data (base64) */
+    ciphertext: string;
+    /** Initialization vector (base64) */
+    iv: string;
+    /** Authentication tag (base64) */
+    authTag: string;
+}
+/**
+ * Statistics about the anonymization process
+ */
+export interface AnonymizationStats {
+    /** Count of entities detected per type */
+    countsByType: Record<PIIType, number>;
+    /** Total number of entities detected */
+    totalEntities: number;
+    /** NER model version used */
+    modelVersion: string;
+    /** Policy version/identifier */
+    policyVersion: string;
+    /** Processing time in milliseconds */
+    processingTimeMs: number;
+    /** Whether leak scan passed (if enabled) */
+    leakScanPassed?: boolean;
+}
+/**
+ * Result of the anonymization process
+ */
+export interface AnonymizationResult {
+    /** Text with PII replaced by placeholder tags */
+    anonymizedText: string;
+    /** List of detected entities (without original text for safety) */
+    entities: Omit<DetectedEntity, "original">[];
+    /** Encrypted mapping of (type, id) -> original string */
+    piiMap: EncryptedPIIMap;
+    /** Statistics about the anonymization */
+    stats: AnonymizationStats;
+}
+/**
+ * Creates a default anonymization policy with all types enabled
+ */
+export declare function createDefaultPolicy(): AnonymizationPolicy;
+/**
+ * Merges a partial policy with defaults
+ */
+export declare function mergePolicy(partial: Partial<AnonymizationPolicy>): AnonymizationPolicy;
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAyB,MAAM,gBAAgB,CAAC;AAEhE,cAAc,gBAAgB,CAAC;AAE/B;;GAEG;AACH,oBAAY,eAAe;IACzB,KAAK,UAAU;IACf,GAAG,QAAQ;IACX,MAAM,WAAW;CAClB;AAMD;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;AAErE;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEtE;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,iCAAiC;IACjC,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,6CAA6C;IAC7C,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,2EAA2E;IAC3E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,MAAM,gCAAgC,GAAG,CAAC,QAAQ,EAAE;IACxD,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,KAAK,IAAI,CAAC;AAEX;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B;;;OAGG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;;;;OAKG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;OAEG;IACH,kBAAkB,CAAC,EAAE,gCAAgC,CAAC;IAEtD;;OAEG;IACH,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,mBAAmB;IACnB,IAAI,EAAE,OAAO,CAAC;IACd,gFAAgF;IAChF,EAAE,EAAE,MAAM,CAAC;IACX,mEAAmE;IACnE,KAAK,EAAE,MAAM,CAAC;IACd,iEAAiE;IACjE,GAAG,EAAE,MAAM,CAAC;IACZ,8CAA8C;IAC9C,UAAU,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,MAAM,EAAE,eAAe,CAAC;IACxB,qEAAqE;IACrE,QAAQ,EAAE,MAAM,CAAC;IACjB,qEAAqE;IACrE,QAAQ,CAAC,EAAE,kBAAkB,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,mBAAmB;IACnB,IAAI,EAAE,OAAO,CAAC;IACd,kDAAkD;IAClD,KAAK,EAAE,MAAM,CAAC;IACd,gDAAgD;IAChD,GAAG,EAAE,MAAM,CAAC;IACZ,8CAA8C;IAC9C,UAAU,EAAE,MAAM,CAAC;IACnB,iCAAiC;IACjC,MAAM,EAAE,eAAe,CAAC;IACxB,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,qEAAqE;IACrE,QAAQ,CAAC,EAAE,kBAAkB,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,sCAAsC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,iCAAiC;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,IAAI,EAAE,OAAO,CAAC;IACd,mCAAmC;IACnC,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC;CACvC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,sDAAsD;IACtD,YAAY,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAC3B,2CAA2C;IAC3C,iBAAiB,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAChC,yCAAyC;IACzC,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAC9B,yFAAyF;IACzF,YAAY,EAAE,OAAO,EAAE,CAAC;IACxB,4DAA4D;IAC5D,oBAAoB,EAAE,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC3C,yDAAyD;IACzD,gBAAgB,EAAE,eAAe,EAAE,CAAC;IACpC,iEAAiE;IACjE,cAAc,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC5B,iDAAiD;IACjD,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,8DAA8D;IAC9D,sBAAsB,EAAE,OAAO,CAAC;IAChC,oDAAoD;IACpD,cAAc,EAAE,OAAO,CAAC;IACxB,yFAAyF;IACzF,qBAAqB,EAAE,OAAO,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,0CAA0C;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,0CAA0C;IAC1C,YAAY,EAAE,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACtC,wCAAwC;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,6BAA6B;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,gCAAgC;IAChC,aAAa,EAAE,MAAM,CAAC;IACtB,sCAAsC;IACtC,gBAAgB,EAAE,MAAM,CAAC;IACzB,4CAA4C;IAC5C,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,iDAAiD;IACjD,cAAc,EAAE,MAAM,CAAC;IACvB,mEAAmE;IACnE,QAAQ,EAAE,IAAI,CAAC,cAAc,EAAE,UAAU,CAAC,EAAE,CAAC;IAC7C,yDAAyD;IACzD,MAAM,EAAE,eAAe,CAAC;IACxB,yCAAyC;IACzC,KAAK,EAAE,kBAAkB,CAAC;CAC3B;AAED;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,mBAAmB,CAyCzD;AAED;;GAEG;AACH,wBAAgB,WAAW,CACzB,OAAO,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACpC,mBAAmB,CA+BrB"}

package/dist/types/index.js

@@ -0,0 +1,80 @@
+import { PIIType, DEFAULT_TYPE_PRIORITY } from "./pii-types.js";
+export * from "./pii-types.js";
+/**
+ * Source of entity detection
+ */
+export var DetectionSource;
+(function (DetectionSource) {
+    DetectionSource["REGEX"] = "REGEX";
+    DetectionSource["NER"] = "NER";
+    DetectionSource["HYBRID"] = "HYBRID";
+})(DetectionSource || (DetectionSource = {}));
+/**
+ * Creates a default anonymization policy with all types enabled
+ */
+export function createDefaultPolicy() {
+    const allTypes = new Set(Object.values(PIIType));
+    const defaultThresholds = new Map();
+    for (const type of allTypes) {
+        // Higher threshold for NER-detected types (more uncertainty)
+        defaultThresholds.set(type, type === PIIType.PERSON || type === PIIType.ORG ? 0.7 : 0.5);
+    }
+    return {
+        enabledTypes: allTypes,
+        regexEnabledTypes: new Set([
+            PIIType.EMAIL,
+            PIIType.PHONE,
+            PIIType.IBAN,
+            PIIType.BIC_SWIFT,
+            PIIType.CREDIT_CARD,
+            PIIType.IP_ADDRESS,
+            PIIType.URL,
+            PIIType.CASE_ID,
+            PIIType.CUSTOMER_ID,
+        ]),
+        nerEnabledTypes: new Set([
+            PIIType.PERSON,
+            PIIType.ORG,
+            PIIType.LOCATION,
+            PIIType.ADDRESS,
+            PIIType.DATE_OF_BIRTH,
+        ]),
+        typePriority: [...DEFAULT_TYPE_PRIORITY],
+        confidenceThresholds: defaultThresholds,
+        customIdPatterns: [],
+        allowlistTerms: new Set(),
+        denylistPatterns: [],
+        reuseIdsForRepeatedPII: false,
+        enableLeakScan: true,
+        enableSemanticMasking: false,
+    };
+}
+/**
+ * Merges a partial policy with defaults
+ */
+export function mergePolicy(partial) {
+    const defaultPolicy = createDefaultPolicy();
+    // Deep merge confidenceThresholds Map
+    let confidenceThresholds = defaultPolicy.confidenceThresholds;
+    if (partial.confidenceThresholds !== undefined) {
+        confidenceThresholds = new Map(defaultPolicy.confidenceThresholds);
+        // Merge in partial thresholds
+        for (const [type, threshold] of partial.confidenceThresholds) {
+            confidenceThresholds.set(type, threshold);
+        }
+    }
+    return {
+        enabledTypes: partial.enabledTypes ?? defaultPolicy.enabledTypes,
+        regexEnabledTypes: partial.regexEnabledTypes ?? defaultPolicy.regexEnabledTypes,
+        nerEnabledTypes: partial.nerEnabledTypes ?? defaultPolicy.nerEnabledTypes,
+        typePriority: partial.typePriority ?? defaultPolicy.typePriority,
+        confidenceThresholds,
+        customIdPatterns: partial.customIdPatterns ?? defaultPolicy.customIdPatterns,
+        allowlistTerms: partial.allowlistTerms ?? defaultPolicy.allowlistTerms,
+        denylistPatterns: partial.denylistPatterns ?? defaultPolicy.denylistPatterns,
+        reuseIdsForRepeatedPII: partial.reuseIdsForRepeatedPII ?? defaultPolicy.reuseIdsForRepeatedPII,
+        enableLeakScan: partial.enableLeakScan ?? defaultPolicy.enableLeakScan,
+        enableSemanticMasking: partial.enableSemanticMasking ?? defaultPolicy.enableSemanticMasking,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AAEhE,cAAc,gBAAgB,CAAC;AAE/B;;GAEG;AACH,MAAM,CAAN,IAAY,eAIX;AAJD,WAAY,eAAe;IACzB,kCAAe,CAAA;IACf,8BAAW,CAAA;IACX,oCAAiB,CAAA;AACnB,CAAC,EAJW,eAAe,KAAf,eAAe,QAI1B;AAuMD;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAc,CAAC,CAAC;IAE9D,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAmB,CAAC;IACrD,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC5B,6DAA6D;QAC7D,iBAAiB,CAAC,GAAG,CACnB,IAAI,EACJ,IAAI,KAAK,OAAO,CAAC,MAAM,IAAI,IAAI,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAC5D,CAAC;IACJ,CAAC;IAED,OAAO;QACL,YAAY,EAAE,QAAQ;QACtB,iBAAiB,EAAE,IAAI,GAAG,CAAC;YACzB,OAAO,CAAC,KAAK;YACb,OAAO,CAAC,KAAK;YACb,OAAO,CAAC,IAAI;YACZ,OAAO,CAAC,SAAS;YACjB,OAAO,CAAC,WAAW;YACnB,OAAO,CAAC,UAAU;YAClB,OAAO,CAAC,GAAG;YACX,OAAO,CAAC,OAAO;YACf,OAAO,CAAC,WAAW;SACpB,CAAC;QACF,eAAe,EAAE,IAAI,GAAG,CAAC;YACvB,OAAO,CAAC,MAAM;YACd,OAAO,CAAC,GAAG;YACX,OAAO,CAAC,QAAQ;YAChB,OAAO,CAAC,OAAO;YACf,OAAO,CAAC,aAAa;SACtB,CAAC;QACF,YAAY,EAAE,CAAC,GAAG,qBAAqB,CAAC;QACxC,oBAAoB,EAAE,iBAAiB;QACvC,gBAAgB,EAAE,EAAE;QACpB,cAAc,EAAE,IAAI,GAAG,EAAE;QACzB,gBAAgB,EAAE,EAAE;QACpB,sBAAsB,EAAE,KAAK;QAC7B,cAAc,EAAE,IAAI;QACpB,qBAAqB,EAAE,KAAK;KAC7B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CACzB,OAAqC;IAErC,MAAM,aAAa,GAAG,mBAAmB,EAAE,CAAC;IAE5C,sCAAsC;IACtC,IAAI,oBAAoB,GAAG,aAAa,CAAC,oBAAoB,CAAC;IAC9D,IAAI,OAAO,CAAC,oBAAoB,KAAK,SAAS,EAAE,CAAC;QAC/C,oBAAoB,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,oBAAoB,CAAC,CAAC;QACnE,8BAA8B;QAC9B,KAAK,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;YAC7D,oBAAoB,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,OAAO;QACL,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,aAAa,CAAC,YAAY;QAChE,iBAAiB,EACf,OAAO,CAAC,iBAAiB,IAAI,aAAa,CAAC,iBAAiB;QAC9D,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,aAAa,CAAC,eAAe;QACzE,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,aAAa,CAAC,YAAY;QAChE,oBAAoB;QACpB,gBAAgB,EACd,OAAO,CAAC,gBAAgB,IAAI,aAAa,CAAC,gBAAgB;QAC5D,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,aAAa,CAAC,cAAc;QACtE,gBAAgB,EACd,OAAO,CAAC,gBAAgB,IAAI,aAAa,CAAC,gBAAgB;QAC5D,sBAAsB,EACpB,OAAO,CAAC,sBAAsB,IAAI,aAAa,CAAC,sBAAsB;QACxE,cAAc,EAAE,OAAO,CAAC,cAAc,IAAI,aAAa,CAAC,cAAc;QACtE,qBAAqB,EACnB,OAAO,CAAC,qBAAqB,IAAI,aAAa,CAAC,qBAAqB;KACvE,CAAC;AACJ,CAAC"}

package/dist/types/pii-types.d.ts

@@ -0,0 +1,50 @@
+/**
+ * PII Type Enumeration
+ * Defines all supported PII categories for detection and anonymization
+ */
+export declare enum PIIType {
+    PERSON = "PERSON",
+    ORG = "ORG",
+    LOCATION = "LOCATION",
+    ADDRESS = "ADDRESS",
+    EMAIL = "EMAIL",
+    PHONE = "PHONE",
+    URL = "URL",
+    IP_ADDRESS = "IP_ADDRESS",
+    IBAN = "IBAN",
+    BIC_SWIFT = "BIC_SWIFT",
+    ACCOUNT_NUMBER = "ACCOUNT_NUMBER",
+    CREDIT_CARD = "CREDIT_CARD",
+    TAX_ID = "TAX_ID",
+    NATIONAL_ID = "NATIONAL_ID",
+    DATE_OF_BIRTH = "DATE_OF_BIRTH",
+    CASE_ID = "CASE_ID",
+    CUSTOMER_ID = "CUSTOMER_ID"
+}
+/**
+ * All PII types as a readonly array for iteration
+ */
+export declare const ALL_PII_TYPES: readonly PIIType[];
+/**
+ * PII types that are detected via regex (structured PII)
+ */
+export declare const REGEX_PII_TYPES: readonly PIIType[];
+/**
+ * PII types that are detected via NER model (soft PII)
+ */
+export declare const NER_PII_TYPES: readonly PIIType[];
+/**
+ * Default priority order for resolving overlapping entities
+ * Higher index = higher priority
+ */
+export declare const DEFAULT_TYPE_PRIORITY: readonly PIIType[];
+/**
+ * Maps NER model labels to PIIType
+ * Common label formats from NER models (B-PER, I-PER, B-ORG, etc.)
+ */
+export declare const NER_LABEL_TO_PII_TYPE: Record<string, PIIType>;
+/**
+ * Get PIIType from NER label (handles B-/I- prefixes)
+ */
+export declare function getPIITypeFromNERLabel(label: string): PIIType | null;
+//# sourceMappingURL=pii-types.d.ts.map

package/dist/types/pii-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pii-types.d.ts","sourceRoot":"","sources":["../../src/types/pii-types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,oBAAY,OAAO;IAEjB,MAAM,WAAW;IACjB,GAAG,QAAQ;IACX,QAAQ,aAAa;IACrB,OAAO,YAAY;IAGnB,KAAK,UAAU;IACf,KAAK,UAAU;IACf,GAAG,QAAQ;IACX,UAAU,eAAe;IAGzB,IAAI,SAAS;IACb,SAAS,cAAc;IACvB,cAAc,mBAAmB;IACjC,WAAW,gBAAgB;IAG3B,MAAM,WAAW;IACjB,WAAW,gBAAgB;IAC3B,aAAa,kBAAkB;IAG/B,OAAO,YAAY;IACnB,WAAW,gBAAgB;CAC5B;AAED;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE,SAAS,OAAO,EAAwC,CAAC;AAErF;;GAEG;AACH,eAAO,MAAM,eAAe,EAAE,SAAS,OAAO,EAa7C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE,SAAS,OAAO,EAM3C,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,qBAAqB,EAAE,SAAS,OAAO,EAqBnD,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAWzD,CAAC;AAEF;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,GAAG,IAAI,CASpE"}