Detect and handle Personally Identifiable Information (PII) in conversations.
This middleware detects common PII types and applies configurable strategies to handle them. It can detect emails, credit cards, IP addresses, MAC addresses, and URLs in both user input and agent output.
Built-in PII types:
email: Email addressescredit_card: Credit card numbers (validated with Luhn algorithm)ip: IP addresses (validated with stdlib)mac_address: MAC addressesurl: URLs (both http/https and bare URLs)Strategies:
block: Raise an exception when PII is detectedredact: Replace PII with [REDACTED_TYPE] placeholdersmask: Partially mask PII (e.g., ****-****-****-1234 for credit card)hash: Replace PII with deterministic hash (e.g., <email_hash:a1b2c3d4>)Strategy Selection Guide:
| Strategy | Preserves Identity? | Best For |
|---|---|---|
block |
N/A | Avoid PII completely |
redact |
No | General compliance, log sanitization |
mask |
No | Human readability, customer service UIs |
hash |
Yes (pseudonymous) | Analytics, debugging |
PIIMiddleware(
self,
pii_type: Literal['email', 'credit_card', 'ip', 'mac_address', 'url'] | str,
*,
strategy: Literal['block', 'redact', 'mask', 'hash'] = 'redact',
detector: Callable[[str], list[PIIMatch]] | str | None = None,
apply_to_input: bool = True,
apply_to_output: bool = False,
apply_to_tool_results: bool = False
)Example:
from langchain.agents.middleware import PIIMiddleware
from langchain.agents import create_agent
# Redact all emails in user input
agent = create_agent(
"openai:gpt-5",
middleware=[
PIIMiddleware("email", strategy="redact"),
],
)
# Use different strategies for different PII types
agent = create_agent(
"openai:gpt-4o",
middleware=[
PIIMiddleware("credit_card", strategy="mask"),
PIIMiddleware("url", strategy="redact"),
PIIMiddleware("ip", strategy="hash"),
],
)
# Custom PII type with regex
agent = create_agent(
"openai:gpt-5",
middleware=[
PIIMiddleware("api_key", detector=r"sk-[a-zA-Z0-9]{32}", strategy="block"),
],
)| Name | Type | Description |
|---|---|---|
pii_type* | Literal['email', 'credit_card', 'ip', 'mac_address', 'url'] | str | Type of PII to detect. Can be a built-in type ( |
strategy | Literal['block', 'redact', 'mask', 'hash'] | Default: 'redact'How to handle detected PII. Options:
|
detector | Callable[[str], list[PIIMatch]] | str | None | Default: NoneCustom detector function or regex pattern.
|
apply_to_input | bool | Default: TrueWhether to check user messages before model call. |
apply_to_output | bool | Default: FalseWhether to check AI messages after model call. |
apply_to_tool_results | bool | Default: FalseWhether to check tool result messages after tool execution. |
Check user messages and tool results for PII before model invocation.
Async check user messages and tool results for PII before model invocation.
Check AI messages for PII after model invocation.
Async check AI messages for PII after model invocation.
Logic to run before the agent execution starts.
Async logic to run before the agent execution starts.
Intercept and control model execution via handler callback.
Intercept and control async model execution via handler callback.
Logic to run after the agent execution completes.
Async logic to run after the agent execution completes.
Intercept tool execution for retries, monitoring, or modification.
Intercept and control async tool execution via handler callback.