Privacy Filter
Before returning a tool response to an AI agent, Ithil scrubs content matching configured PII patterns. This prevents sensitive data from flowing into the model’s context window — protecting your users and reducing compliance risk.
What it does
The privacy filter runs on every tool response after the downstream API call succeeds, before the response is forwarded to the agent. Matched patterns are replaced with a labelled redaction placeholder:
Original: "Customer email: alice@example.com, SSN: 123-45-6789"
Filtered: "Customer email: [EMAIL REDACTED], SSN: [SSN REDACTED]"Built-in rules
The following patterns are active by default and cannot be disabled:
| Rule | Pattern | Placeholder |
|---|---|---|
| Email address | RFC 5322 email regex | [EMAIL REDACTED] |
| US SSN | \d{3}-\d{2}-\d{4} | [SSN REDACTED] |
| Credit card | 13–16 digit sequences (with optional spaces/dashes) | [CARD REDACTED] |
Custom rules
Add additional regex patterns via appsettings.json:
{
"Ithil": {
"PrivacyFilter": {
"CustomRules": [
{
"Pattern": "EMP-\\d{6}",
"Replacement": "[EMPLOYEE_ID]"
},
{
"Pattern": "ACC\\d{10}",
"Replacement": "[ACCOUNT]"
}
]
}
}
}Each rule requires:
Pattern— .NET regex patternReplacement— text to substitute in place of the match
Custom rules are applied in order, after the three built-in rules.
Audit trail
The scrubbed response (with redaction placeholders) is what gets logged to the audit log. The original value is never logged.
Performance note
The privacy filter runs synchronously in the response pipeline. All patterns — built-in and custom — are compiled at startup. For high-throughput scenarios with many custom rules, benchmark the filter under load before going to production.