security 1 credit · ~$0.015 <20ms
PII / PHI / PCI Firewall
POST /v1/scan/pii The deterministic gate an agent calls before text crosses a trust boundary — a log line, a ticket, a third-party API, or a persisted transcript. It detects regulated personal data, redacts it, and returns a signed PASS/FLAG/BLOCK verdict. No network calls, nothing leaves the box, and raw values are never echoed back.
Capabilities
- ✓ Checksum-validated: credit cards (Luhn), IBANs (ISO-7064 mod-97), UK NHS (mod-11), Canadian SIN (Luhn)
- ✓ Structural: US SSN (SSA rules), email, phone, IPv4 — with overlap resolution
- ✓ PII / PHI / PCI categories and severity scoring
- ✓ Format-preserving masking plus a fully redacted copy of the input
- ✓ Enforcement modes: block / flag / audit
- ✓ Policy: severity threshold, allowTypes, jurisdictions, redact on/off
- ✓ Tamper-evident SHA-256 certificate bound to the input hash
Use cases
- → Support agents: strip SSNs and cards before writing tickets or transcripts
- → Healthcare and telehealth copilots: keep PHI out of prompts and non-BAA vendors
- → Fintech and PCI: block raw card numbers from leaving the boundary
- → HR and recruiting agents: guard employee records and offer letters
- → GDPR / HIPAA / CCPA: a pre-flight gate plus an audit certificate for every egress
example
curl -X POST https://api.agent-toolbox.ai/v1/scan/pii \
-H "Content-Type: application/json" \
-d '{"text": "Patient SSN 219-09-9999, card 4111 1111 1111 1111"}' response shape
{
"verdict": "PASS" | "FLAG" | "BLOCK",
// tool-specific findings…
"certificate": "sha256:..."
}