Redact tool
The Redact tool replaces sensitive spans in the source with protected
placeholders before the content is processed (for example, before it is sent
to a translation provider), and stashes the originals locally so a later
unredact can restore them. It never emits the original value into the
rewritten content. It is a recoverable transformer: it produces an edit plan
— the span replacements plus the originals to vault — and the framework
applier rewrites the source, rebasing surviving run-anchored overlays so an
upstream annotator's terms or entities follow the rewrite.
Two detection backends can run, alone or together: rules matches literal
terms and regular expressions from a rules file or inline rules, and
entities redacts entity annotations already on the block (as produced by
ai-entity-extract). When no detector is configured, rules is used. The
originals are stored on the block as an in-process secret annotation by
default, or written to a sidecar vault when a vault path is supplied (the
external mode used by extract → merge).
Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
detectors | string[] | Detection backends to run: rules and/or entities | |
entityTypes | string[] | Entity categories to redact: person | |
placeholder | string | Visible stand-in template; supports {category} and {n} | |
rulesPath | string | Path to a redaction rules YAML file |
Configure these parameters interactively and copy the flow-step YAML on the Tool Reference.
Examples
Redact by rules file
Replace spans matched by a rules file with the default placeholder.
detectors: [rules] rulesPath: redaction-rules.yaml
Redact extracted entities
Redact person and organization entities already annotated on the block.
detectors: [entities] entityTypes: [person, organization]
Processing notes
A recoverable transformer — it returns an edit plan and the framework applier rewrites the source, rebasing surviving overlays across the rewrite. The placement pass requires it to run before any step that sends source to a remote sink.
Originals are recorded as an in-process secret annotation by default, or in a sidecar vault when a vault path is supplied (external mode); the applier vaults them atomically with the rewrite.
A later
unredactreads the recovery record to restore the originals.
Limitations
The
entitiesdetector only acts on entity annotations already present on the block; it does not detect entities itself — pair it withai-entity-extract.Inline rules and the sidecar vault path are supplied programmatically by callers (e.g. extract → merge) rather than through the schema fields documented here.
Operates on translatable source spans; dates, times, currencies, and measurements are excluded from the default entity set.
← Back to the Tool Reference