PII detection and security middleware for AI agent pipelines
```
┌─────────────────────────────────────────────────────┐
│                                                     │
│   🛡️ AzureAICommunity PII Security Middleware       │
│                                                     │
│   PII detection & blocking for AI agent pipelines   │
│                                                     │
└─────────────────────────────────────────────────────┘
```
Intercept, detect, and block sensitive personal data before it reaches your LLM — with zero friction.
Overview
azureaicommunity-agent-pii-middleware is a plug-and-play security layer for AI agent pipelines built on agent-framework. It scans every user message for PII using Microsoft's Recognizers Text library and can optionally route ambiguous detections through a secondary LLM for a second opinion.
```
    User message
         │
         ▼
┌────────────────────┐
│   PII Detection    │  ← emails, phones, credit cards, SSNs…
│ (Recognizers NLP)  │
└────────┬───────────┘
         │ blocked entity found?
         ▼
┌────────────────────┐
│   LLM Validation   │  ← optional secondary agent review
│  (allow / block)   │
└────────┬───────────┘
         │
    ┌────┴────┐
    ▼         ▼
 BLOCKED   ALLOWED
  ← 🚫      → LLM
```
✨ Features
| Feature | |
|---|---|
| 🔍 | PII detection — emails, phones, IPs, credit cards, SSNs, dates, numbers, units |
| 🎛️ | Profile-based config — one-line setup with strict, standard, financial, healthcare |
| 🔧 | Builder pattern — fluent API to compose and customize middleware pipelines |
| 🤖 | LLM validation — route edge cases through a secondary agent to reduce false positives |
| 🔌 | Framework integration — drops directly into agent-framework middleware pipelines |
📦 Installation
```bash
pip install azureaicommunity-agent-pii-middleware
```
🚀 Quick Start
```python
import asyncio

from agent_framework.ollama import OllamaChatClient
from agent_framework import Agent
from pii_middleware import PIIMiddleware

# Build a middleware pipeline using the "standard" profile
middleware = (
    PIIMiddleware
    .profile("standard")
    .build()
)

async def main():
    client = OllamaChatClient(model="gemma3:4b")
    agent = Agent(client)
    result = await agent.run("My email is user@example.com", middleware=middleware)
    print(result.text)
    # → "Message blocked: sensitive information detected (email)."

asyncio.run(main())
```
🎛️ Security Profiles
Choose a pre-built profile to get started instantly:
| Profile | Blocked | Allowed |
|---|---|---|
| `strict` | `email`, `phone_number`, `ip`, `credit_card` | `datetime`, `number` |
| `standard` | `email`, `phone_number` | `datetime`, `number`, `unit` |
| `financial` | `credit_card`, `ssn`, `account_number`, `email` | `datetime` |
| `healthcare` | `patient_id`, `ssn`, `email`, `phone_number` | `datetime`, `unit` |
```python
# Built-in profile
middleware = PIIMiddleware.profile("strict").build()

# Custom profile dict
middleware = (
    PIIMiddleware
    .profile({"block": ["email", "ssn"], "allow": ["datetime"]})
    .build()
)
```
🔧 Custom Entity Lists
Fine-tune the block/allow lists after applying any profile:
```python
middleware = (
    PIIMiddleware
    .profile("standard")
    .block_entities(["email", "phone_number", "credit_card"])
    .allow_entities(["datetime", "number"])
    .build()
)
```
🤖 LLM-Assisted Validation
Attach a secondary LLM agent that makes the final allow/block decision when PII is detected:
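```python
from agent_framework.ollama import OllamaChatClient
from agent_framework import Agent
from pii_middleware import PIIMiddleware

# Secondary agent that reviews detections before the final decision
validator = Agent(OllamaChatClient(model="gemma3:4b"))

middleware = (
    PIIMiddleware
    .profile("standard")
    .llm_agent(validator)
    .build()
)
```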
The validator receives the message and the list of detected entities, and responds with `allow` or `block`. This significantly reduces false positives on ambiguous inputs like dates or reference numbers.
⚙️ How It Works
1. Intercept → middleware captures the last user message
2. Detect → Recognizers Text extracts entity types
3. Filter → entities not in allow_list are candidates
4. Match → candidates matched against block_list
5. Validate → (optional) LLM agent makes final decision
6. Block / Pass → blocked messages short-circuit the pipeline; the primary LLM is never called
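The six steps above, modelled as a small stand-alone decision function. This is an added example, not the package's own code: the regex detectors stand in for Recognizers Text, the `validator(text, hits)` callback signature and the names `detect`, `decide` and `run_pipeline` are hypothetical, and failing closed when the validator errors is an assumption.

```python
import re

# Constructed stand-in detectors; the package itself uses Microsoft Recognizers Text.
DETECTORS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone_number": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
    "datetime": re.compile(r"\b\d{4}-\d{2}-\d{2}\b"),
}

# Block/allow lists copied from the profile table on this page.
PROFILES = {
    "standard": {"block": {"email", "phone_number"},
                 "allow": {"datetime", "number", "unit"}},
    "financial": {"block": {"credit_card", "ssn", "account_number", "email"},
                  "allow": {"datetime"}},
}

def detect(text):
    """Step 2: return the set of entity types found in the text."""
    return {name for name, rx in DETECTORS.items() if rx.search(text)}

def decide(text, profile, validator=None):
    """Steps 3-5: return (verdict, matched_entity_types)."""
    rules = PROFILES[profile]
    candidates = detect(text) - rules["allow"]      # step 3: filter
    hits = sorted(candidates & rules["block"])      # step 4: match
    if not hits:
        return "allow", []
    if validator is not None:                       # step 5: optional review
        try:
            answer = validator(text, hits).strip().lower()
        except Exception:
            answer = "block"                        # assumption: fail closed
        if answer == "allow":
            return "allow", hits
    return "block", hits

def run_pipeline(text, profile, primary_llm, validator=None):
    """Step 6: a blocked message returns early and never reaches primary_llm."""
    verdict, hits = decide(text, profile, validator)
    if verdict == "block":
        return f"Message blocked: sensitive information detected ({', '.join(hits)})."
    return primary_llm(text)
```

In this model an entity type that appears in neither list passes, so a message containing an SSN is allowed under `standard` and blocked under `financial`. The validator callback is handed the raw message, so whatever model backs it sees the detected data before any block decision is made.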
🤝 Contributing
Contributions are welcome! Please open an issue to discuss what you'd like to change before submitting a pull request.
- Fork the repository
- Create a feature branch (`git checkout -b feature/my-feature`)
- Commit your changes (`git commit -m 'Add my feature'`)
- Push to the branch (`git push origin feature/my-feature`)
- Open a Pull Request
📄 License
MIT
File details
Details for the file azureaicommunity_agent_pii_middleware-0.1.0.tar.gz.
File metadata
- Download URL: azureaicommunity_agent_pii_middleware-0.1.0.tar.gz
- Upload date:
- Size: 5.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 6ac33977cf5eeeba2e43449b85b205841caf23701f6d17902485788d59410c7b |
| MD5 | 8936f09da345a5979e58c9ed65a7722b |
| BLAKE2b-256 | 844f80f65047bb15230f7a1688f824be9b4ed165a32be3f1083ef5abca497256 |
File details
Details for the file azureaicommunity_agent_pii_middleware-0.1.0-py3-none-any.whl.
File metadata
- Download URL: azureaicommunity_agent_pii_middleware-0.1.0-py3-none-any.whl
- Upload date:
- Size: 6.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | fa8ec648c76ffdc2bab2e9459a1a4bc0a51a0ba6e166c9ebf2120d998ba5ab90 |
| MD5 | 845cfc88d56bdeff1dc8540b0cb9bb40 |
| BLAKE2b-256 | df9e66b53b626dcc6d1887f74902290d3bb2bea8e51421c011a57da33d61dd8e |