Detect and handle Personally Identifiable Information (PII) in conversations.
This middleware detects common PII types and applies configurable strategies to handle them. It can detect emails, credit cards, IP addresses, MAC addresses, and URLs in both user input and agent output.
Built-in PII types:

- email: Email addresses
- credit_card: Credit card numbers (validated with Luhn algorithm)
- ip: IP addresses (validated with stdlib)
- mac_address: MAC addresses
- url: URLs (both http/https and bare URLs)

Strategies:

- block: Raise an exception when PII is detected
- redact: Replace PII with [REDACTED_TYPE] placeholders
- mask: Partially mask PII (e.g., ****-****-****-1234 for credit card)
- hash: Replace PII with deterministic hash (e.g., <email_hash:a1b2c3d4>)

Strategy Selection Guide:
| Strategy | Preserves Identity? | Best For |
|---|---|---|
| block | N/A | Avoid PII completely |
| redact | No | General compliance, log sanitization |
| mask | No | Human readability, customer service UIs |
| hash | Yes (pseudonymous) | Analytics, debugging |
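
The four strategies applied to credit card numbers, as an added example that is not the middleware's own code: the candidate regex, the `find_cards` and `apply_strategy` helpers, the `PIIFound` exception and the unsalted truncated SHA-256 are assumptions made for illustration. It shows Luhn validation discarding a 16-digit order id, and the hash placeholder staying identical for the same card written two ways.

```python
import hashlib
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

class PIIFound(Exception):
    """Raised by the 'block' strategy (hypothetical name)."""

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_cards(text: str) -> list[re.Match]:
    """Keep only regex hits whose digits pass the Luhn check."""
    return [m for m in CARD_RE.finditer(text)
            if luhn_ok(re.sub(r"\D", "", m.group()))]

def apply_strategy(text: str, strategy: str = "redact") -> str:
    matches = find_cards(text)
    if matches and strategy == "block":
        raise PIIFound(f"{len(matches)} credit card number(s) detected")
    # Replace right-to-left so earlier match offsets stay valid.
    for m in reversed(matches):
        digits = re.sub(r"\D", "", m.group())
        if strategy == "redact":
            repl = "[REDACTED_CREDIT_CARD]"
        elif strategy == "mask":
            repl = "****-****-****-" + digits[-4:]
        elif strategy == "hash":
            # Assumed scheme: unsalted, truncated SHA-256 (deterministic).
            digest = hashlib.sha256(digits.encode()).hexdigest()[:8]
            repl = f"<credit_card_hash:{digest}>"
        else:
            raise ValueError(f"unknown strategy: {strategy}")
        text = text[:m.start()] + repl + text[m.end():]
    return text

# Constructed sample: a Luhn-valid test number and a 16-digit order id that fails Luhn.
SAMPLE = "Card 4111 1111 1111 1111, order 1234567890123456."
```

Because the hash in this sketch is unsalted and card numbers have limited entropy, its output is pseudonymous, not anonymous: anyone who can guess candidate numbers can recompute and match the token.
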

```python
PIIMiddleware(
    self,
    pii_type: Literal['email', 'credit_card', 'ip', 'mac_address', 'url'] | str,
    *,
    strategy: Literal['block', 'redact', 'mask', 'hash'] = 'redact',
    detector: Callable[[str], list[PIIMatch]] | str | None = None,
    apply_to_input: bool = True,
    apply_to_output: bool = False,
    apply_to_tool_results: bool = False
)
```

Example:

```python
from langchain.agents.middleware import PIIMiddleware
from langchain.agents import create_agent

# Redact all emails in user input
agent = create_agent(
    "openai:gpt-5",
    middleware=[
        PIIMiddleware("email", strategy="redact"),
    ],
)

# Use different strategies for different PII types
agent = create_agent(
    "openai:gpt-4o",
    middleware=[
        PIIMiddleware("credit_card", strategy="mask"),
        PIIMiddleware("url", strategy="redact"),
        PIIMiddleware("ip", strategy="hash"),
    ],
)

# Custom PII type with regex
agent = create_agent(
    "openai:gpt-5",
    middleware=[
        PIIMiddleware("api_key", detector=r"sk-[a-zA-Z0-9]{32}", strategy="block"),
    ],
)
```

| Name | Type | Description |
|---|---|---|
| pii_type* | Literal['email', 'credit_card', 'ip', 'mac_address', 'url'] \| str | Type of PII to detect. Can be a built-in type ( |
| strategy | Literal['block', 'redact', 'mask', 'hash'] | Default: 'redact'. How to handle detected PII. Options: |
| detector | Callable[[str], list[PIIMatch]] \| str \| None | Default: None. Custom detector function or regex pattern. |
| apply_to_input | bool | Default: True. Whether to check user messages before model call. |
| apply_to_output | bool | Default: False. Whether to check AI messages after model call. |
| apply_to_tool_results | bool | Default: False. Whether to check tool result messages after tool execution. |

Check user messages and tool results for PII before model invocation.
Async check user messages and tool results for PII before model invocation.
Check AI messages for PII after model invocation.
Async check AI messages for PII after model invocation.
Start the shell session and run startup commands.
Async start the shell session and run startup commands.
Update the system message to include the todo system prompt.
Update the system message to include the todo system prompt.
Run shutdown commands and release resources when an agent completes.
Async run shutdown commands and release resources when an agent completes.
Intercept tool execution for retries, monitoring, or modification.
Intercept and control async tool execution via handler callback.