schema_version: 1 name: text-anonymize version: 0.1.0 # Capability provided by this module. provides: - capability: text.anonymize version: 0.1.0 # Inputs the invoke function accepts. inputs: # The text to anonymize. Plain UTF-8, any length the host # tolerates as a Payload::Text (operator policy caps). text: text # Optional newline-separated list of additional bare terms # (operator-supplied — names of people, organisations, or # places that the regex patterns won't catch) to redact in # addition to the built-in categories. Empty string disables # this extension. Each line is matched whole-word # (case-insensitive). custom_terms: text # Outputs produced. outputs: # The anonymized text. Each detected entity is replaced # with a token of the shape ⟦TYPE_N⟧ where TYPE is the # category (EMAIL, PHONE, IBAN, BIC, IPV4, GERMAN_TAX_ID, # NAME, CUSTOM) and N is a stable counter starting at 1 # per category, in order of first occurrence. The opening # / closing characters are U+27E6 / U+27E7 (mathematical # white square brackets) so the token never collides with # plain `[…]` already present in the source. anonymized: text # JSON report describing each redaction: # { # "redactions": [ # { "type": "EMAIL", "token": "⟦EMAIL_1⟧", # "original": "foo@bar.de", "offset": 42 } # ], # "counts": { "EMAIL": 3, "PHONE": 1, ... } # } # The full `original` text is included so the operator can # run a verify-pass against the redacted file (compliance: # GDPR Art. 32(1)(a) "ability to undo" requirement). Hub # operators that want a pseudo-anonymisation-only flow can # discard this output downstream. report: json # Permissions required. # # Pure-Rust, regex-only, in-WASM. No filesystem, no network, # no LLM. The empty list makes that explicit. permissions: []