### Install and Run CloakPipe Binary Source: https://github.com/rohansx/cloakpipe/blob/main/README.md Methods for installing the CloakPipe binary via Cargo or the installation script, followed by starting the proxy server. ```bash # Install via cargo cargo install cloakpipe # Or download the latest release curl -fsSL https://cloakpipe.co/install.sh | sh # Start the proxy cloakpipe serve --port 3100 ``` -------------------------------- ### Docker Quick Start for CloakPipe Proxy Source: https://context7.com/rohansx/cloakpipe/llms.txt This snippet demonstrates how to quickly start the CloakPipe proxy server using Docker and configure an OpenAI SDK to use it as its base URL. It includes an example `curl` command to test the proxy with a sample prompt containing PII. ```bash # Start CloakPipe proxy docker run -p 3100:3100 ghcr.io/cloakpipe/cloakpipe:latest # Point your OpenAI SDK at CloakPipe export OPENAI_BASE_URL=http://localhost:3100/v1 # Test with curl curl http://localhost:3100/v1/chat/completions \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $OPENAI_API_KEY" \ -d '{ "model": "gpt-4", "messages": [ {"role": "user", "content": "Summarize the case for Rajesh Singh, Aadhaar 2345 6789 0123, treated at Apollo Hospital Mumbai."} ] }' # CloakPipe logs: # ✓ Detected 3 entities: PERSON, AADHAAR, ORGANIZATION # ✓ Masked: Rajesh Singh → PERSON_042, 2345 6789 0123 → AADHAAR_017, Apollo Hospital Mumbai → ORG_003 # ✓ Proxied to api.openai.com (sanitized) # ✓ Unmasked response: PERSON_042 → Rajesh Singh (restored) ``` -------------------------------- ### CLI Installation and Usage for CloakPipe Source: https://context7.com/rohansx/cloakpipe/llms.txt This section covers the installation of CloakPipe via `cargo` or a shell script, followed by essential CLI commands for initialization, scanning text for PII, masking sensitive data, serving the proxy, testing the detection pipeline, and checking vault statistics. ```bash # Install via cargo carp install cloakpipe # Or download the latest release curl -fsSL https://cloakpipe.co/install.sh | sh # Initialize configuration file cloakpipe init # Created cloakpipe.toml # Next steps: # 1. Set OPENAI_API_KEY (or your upstream API key) # 2. Set CLOAKPIPE_VAULT_KEY (64-char hex string for encryption) # 3. Run: cloakpipe start # Scan text for PII (detection only) cloakpipe scan "Dr. Rajesh Singh, Aadhaar 2345 6789 0123" # Output: # ✓ PERSON: "Dr. Rajesh Singh" (confidence: 97%, source: Ner) # ✓ AADHAAR: "2345 6789 0123" (confidence: 100%, source: Pattern) # Mask text with pseudonymization cloakpipe mask "Contact Priya at priya@example.com or +91 98765 43210" # Output: "Contact PERSON_001 at EMAIL_001 or PHONE_001" # Start the proxy server cloakpipe serve --port 3100 # Start with a specific policy file cloakpipe serve --port 3100 --policy policies/dpdp.yaml # Test detection pipeline with sample text cloakpipe test --text "Tata Motors reported $1.2M revenue. Email: cfo@tatamotors.com" # -- Input -- # Tata Motors reported $1.2M revenue. Email: cfo@tatamotors.com # -- Detected Entities (3) -- # [Organization] "Tata Motors" (confidence: 97%, source: Ner) # [Amount] "$1.2M" (confidence: 100%, source: Financial) # [Email] "cfo@tatamotors.com" (confidence: 100%, source: Pattern) # -- Pseudonymized -- # ORG_1 reported AMOUNT_1 revenue. Email: EMAIL_1 # -- Rehydrated -- # Tata Motors reported $1.2M revenue. Email: cfo@tatamotors.com # Tokens rehydrated: 3 # Roundtrip match: YES # Check vault statistics cloakpipe stats # Vault: ./vault.enc # Total mappings: 47 # Categories: # Email: 12 # Amount: 15 # Organization: 8 # Person: 12 ``` -------------------------------- ### Start MCP Server (Bash) Source: https://context7.com/rohansx/cloakpipe/llms.txt A simple bash command to start the CloakPipe MCP server using standard input/output transport for AI agent integration. ```bash # Start MCP server (stdio transport) cloakpipe mcp ``` -------------------------------- ### Install langchain-cloakpipe via pip Source: https://github.com/rohansx/cloakpipe/blob/main/integrations/langchain-cloakpipe/README.md Installs the necessary Python package to enable CloakPipe integration within a LangChain environment. ```bash pip install langchain-cloakpipe ``` -------------------------------- ### Initialize Vault Key and Start CloakPipe Service Source: https://context7.com/rohansx/cloakpipe/llms.txt These bash commands demonstrate how to generate a secure vault key, set the OpenAI API key, and then start the CloakPipe service in detached mode using Docker Compose. It also shows how to check the service's health status. ```bash # Generate vault key and start export VAULT_KEY=$(openssl rand -hex 32) export OPENAI_API_KEY=sk-your-key docker-compose up -d # Check health curl http://localhost:3100/health # {"status":"ok","service":"cloakpipe"} ``` -------------------------------- ### Install llamaindex-cloakpipe Source: https://github.com/rohansx/cloakpipe/blob/main/integrations/llamaindex-cloakpipe/README.md Installs the llamaindex-cloakpipe package using pip. This is the primary step to integrate CloakPipe with LlamaIndex. ```bash pip install llamaindex-cloakpipe ``` -------------------------------- ### Jaro-Winkler Similarity Examples Source: https://github.com/rohansx/cloakpipe/blob/main/challenges.md Demonstrates the Jaro-Winkler similarity scores for various string pairs, highlighting its effectiveness for misspellings and variants, and its potential for false positives with similar-sounding names. ```python jaro_winkler("Rishikesh", "Rishiksh") = 0.96 ← misspelling, high match jaro_winkler("Rishikesh", "Rishi") = 0.87 ← variant, decent match jaro_winkler("Rishikesh", "Mumbai") = 0.42 ← different, low match jaro_winkler("John", "Joan") = 0.88 ← danger zone! ``` -------------------------------- ### CloakPipe CLI: Scan and Mask Text Source: https://github.com/rohansx/cloakpipe/blob/main/README.md Shows examples of using the CloakPipe CLI for scanning text to detect PII and masking text by replacing PII with tokens. These commands operate directly on input strings without needing to start the proxy server. ```bash # Scan text for PII (no proxy, just detection) cloakpipe scan "Dr. Rajesh Singh, Aadhaar 2345 6789 0123" # Output: # ✓ PERSON: "Dr. Rajesh Singh" (confidence: 0.97) # ✓ AADHAAR: "2345 6789 0123" (confidence: 1.00) # Mask text (replace PII with tokens) cloakpipe mask "Contact Priya at priya@example.com or +91 98765 43210" # Output: "Contact PERSON_001 at EMAIL_001 or PHONE_001" ``` -------------------------------- ### Entity Resolution Example: Before and After Resolver Source: https://github.com/rohansx/cloakpipe/blob/main/challenges.md Illustrates the impact of the proposed entity resolution system on a sample input string. It shows how the resolver consolidates multiple tokens into a single token for the same entity, correcting issues caused by variants and misspellings. ```text Input: "Rishi sent $500 to Rishikesh Kumar. Rishiksh (typo) confirmed." Without resolver (current): Rishi → PERSON_1 Rishikesh Kumar → PERSON_2 Rishiksh → PERSON_3 ← 3 tokens, broken With resolver (v0.6): Rishi → PERSON_1 Rishikesh Kumar → PERSON_1 (prefix match + same doc) Rishiksh → PERSON_1 (jaro-winkler 0.96) ← 1 token, correct ``` -------------------------------- ### CloakPipe CLI: Serve Proxy and Health Check Source: https://github.com/rohansx/cloakpipe/blob/main/README.md Demonstrates how to start the CloakPipe proxy server using the CLI, optionally with a specific policy file, and how to check the proxy's health status. ```bash # Start the proxy server cloakpipe serve --port 3100 # Start with a specific policy cloakpipe serve --port 3100 --policy policies/dpdp.yaml # Check proxy health cloakpipe health ``` -------------------------------- ### Implement Session Tracking in Python Source: https://context7.com/rohansx/cloakpipe/llms.txt Example of using the OpenAI SDK with Cloakpipe's session tracking by passing the x-session-id header to maintain context across API calls. ```python from openai import OpenAI client = OpenAI(base_url="http://localhost:3100/v1") # Include session ID header for context tracking response = client.chat.completions.create( model="gpt-4", messages=[ {"role": "user", "content": "My name is Rajesh Singh and my email is raj@example.com"} ], extra_headers={"x-session-id": "conversation-123"} ) ``` -------------------------------- ### curl Integration with CloakPipe Source: https://github.com/rohansx/cloakpipe/blob/main/README.md Provides an example of using `curl` to interact with the CloakPipe proxy, which is compatible with any LLM API that uses the OpenAI format. This allows for direct API testing and integration. ```bash # Works with any LLM API that uses the OpenAI format curl http://localhost:3100/v1/chat/completions \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $OPENAI_API_KEY" \ -d '{ "model": "gpt-4", "messages": [{"role": "user", "content": "Your prompt with PII here"}] }' ``` -------------------------------- ### Perform MCP Tool Operations Source: https://context7.com/rohansx/cloakpipe/llms.txt Examples of JSON-RPC style requests and responses for Cloakpipe MCP tools including pseudonymization, rehydration, detection, configuration, and session context. ```json // Pseudonymize text { "tool": "pseudonymize", "arguments": { "text": "Send $1.2M to alice@acme.com by March 2025" } } // Rehydrate text { "tool": "rehydrate", "arguments": { "text": "The payment of AMOUNT_1 to EMAIL_1 is confirmed." } } // Detect PII (dry run) { "tool": "detect", "arguments": { "text": "Contact Rajesh at +91 98765 43210" } } // Configure industry profile { "tool": "configure", "arguments": { "profile": "healthcare", "enable": ["phone_numbers"], "disable": ["ip_addresses"] } } // Get vault statistics {"tool": "vault_stats"} // Get session context { "tool": "session_context", "arguments": {"session_id": "list"} } ``` -------------------------------- ### Initialize and use ChatCloakPipe Source: https://github.com/rohansx/cloakpipe/blob/main/integrations/langchain-cloakpipe/README.md Demonstrates how to import and instantiate the ChatCloakPipe class as a replacement for ChatOpenAI. It requires an OpenAI API key and assumes a local CloakPipe proxy instance is running. ```python from langchain_cloakpipe import ChatCloakPipe llm = ChatCloakPipe(model="gpt-4", openai_api_key="sk-...") response = llm.invoke("Summarize case for Rajesh Singh, Aadhaar 2345 6789 0123") ``` -------------------------------- ### Initialize and Use CloakPipeLLM with LlamaIndex Source: https://github.com/rohansx/cloakpipe/blob/main/integrations/llamaindex-cloakpipe/README.md Demonstrates how to initialize the CloakPipeLLM and use it to complete a prompt. It requires an API key and optionally allows specifying the CloakPipe URL if not running on the default localhost:3100. ```python from llamaindex_cloakpipe import CloakPipeLLM llm = CloakPipeLLM(model="gpt-4", api_key="sk-...") response = llm.complete("Summarize case for Rajesh, PAN BNZPM2501F") ``` -------------------------------- ### Programmatic CloakTree Indexing and Searching (Rust) Source: https://context7.com/rohansx/cloakpipe/llms.txt Demonstrates how to programmatically build a document index using TreeIndexer, save it using TreeStorage, and then search the index using TreeSearcher. Requires API keys and upstream URLs. Outputs reasoning and matching node IDs. ```rust use cloakpipe_tree::{TreeIndexer, TreeSearcher, storage::TreeStorage}; use cloakpipe_tree::config::TreeConfig; // Programmatic CloakTree usage // Build tree index from document let config = TreeConfig { storage_path: "./trees/".into(), index_model: "gpt-4o".into(), search_model: "gpt-4o".into(), add_node_summaries: true, pseudonymize_summaries: true, ..Default::default() }; // Assuming api_key and upstream_url are defined elsewhere // let api_key = "YOUR_API_KEY"; // let upstream_url = "YOUR_UPSTREAM_URL"; // let indexer = TreeIndexer::new(config.clone(), api_key, upstream_url); // let tree_index = indexer.build_index("document.pdf").await?; // Save for later use // let path = TreeStorage::save(&tree_index, &config.storage_path)?; // Search the tree // let searcher = TreeSearcher::new(api_key, upstream_url, config.search_model); // let result = searcher.search(&tree_index, "What is the revenue breakdown?").await?; // println!("Reasoning: {}", result.reasoning); // println!("Matching nodes: {:?}", result.node_ids); ``` -------------------------------- ### Scan and Mask PII in Directories Source: https://context7.com/rohansx/cloakpipe/llms.txt CLI commands for scanning document directories for PII, supporting detection-only mode, token-based masking, and format-preserving strategies. ```bash # Scan directory for PII (detect only) cloakpipe scan ./documents/ --detect-only # Scan and mask with token strategy cloakpipe scan ./documents/ --output ./documents-masked/ # Scan with format-preserving strategy cloakpipe scan ./documents/ --output ./documents-fp/ --strategy format-preserving # Filter by confidence threshold cloakpipe scan ./documents/ --detect-only --min-confidence 0.95 ``` -------------------------------- ### Manage Sessions via CLI Source: https://context7.com/rohansx/cloakpipe/llms.txt Command-line interface commands for listing, inspecting, and flushing session contexts to manage PII tracking. ```bash # List active sessions cloakpipe sessions list # Inspect specific session cloakpipe sessions inspect sess_abc123 # Flush a session cloakpipe sessions flush sess_abc123 # Flush all sessions cloakpipe sessions flush-all ``` -------------------------------- ### Configuration File Source: https://context7.com/rohansx/cloakpipe/llms.txt Configure detection behavior, vault settings, and privacy tiers via TOML configuration. ```APIDOC ## Configuration File ### Description Configure detection behavior, vault settings, and privacy tiers via TOML configuration. ### Method Configuration File (TOML) ### Endpoint `claude_desktop_config.json` (for Claude Code settings) ### Parameters #### Request Body - **mcpServers** (object) - Required - Configuration for MCP servers. - **cloakpipe** (object) - Required - Configuration for the cloakpipe MCP server. - **command** (string) - Required - The command to execute for cloakpipe. - **args** (array) - Optional - Arguments to pass to the cloakpipe command. ### Request Example ```json { "mcpServers": { "cloakpipe": { "command": "cloakpipe", "args": ["mcp"] } } } ``` ### Response #### Success Response (200) - **active_profile** (string) - The currently active industry profile. - **secrets** (boolean) - Whether secrets detection is enabled. - **financial** (boolean) - Whether financial data detection is enabled. - **dates** (boolean) - Whether date detection is enabled. - **emails** (boolean) - Whether email detection is enabled. - **phone_numbers** (boolean) - Whether phone number detection is enabled. - **ip_addresses** (boolean) - Whether IP address detection is enabled. #### Response Example ```json { "active_profile": "healthcare", "secrets": true, "financial": true, "dates": true, "emails": true, "phone_numbers": true, "ip_addresses": false } ``` ``` -------------------------------- ### Deploy and Configure CloakPipe Proxy Source: https://github.com/rohansx/cloakpipe/blob/main/README.md Instructions for running the CloakPipe proxy using Docker and configuring the OpenAI SDK to route traffic through the local instance. ```bash # Start CloakPipe docker run -p 3100:3100 ghcr.io/cloakpipe/cloakpipe:latest # Point your OpenAI SDK at CloakPipe export OPENAI_BASE_URL=http://localhost:3100/v1 ``` -------------------------------- ### Query Document with CloakTree CLI for Q&A Source: https://context7.com/rohansx/cloakpipe/llms.txt This command leverages the CloakTree CLI to perform full question-answering on a document. It extracts relevant context from the document based on the provided question and generates a concise answer, citing the sources used. The document is indexed if not already present. ```bash # Full question-answering with context extraction cloakpipe tree query --file annual-report-2025.pdf --question "What were the key financial highlights?" # Index saved: ./trees/doc_a1b2c3d4.json # Question: What were the key financial highlights? # Sources (3): # [1] Financial Highlights (pages 4-8) # [1.1] Revenue Breakdown by Segment (pages 5-6) # [1.2] EBITDA and Margins (pages 7-8) # Answer: # The key financial highlights for FY25 include total revenue of Rs 3.4L Cr... ``` -------------------------------- ### Prefix/Containment Check Logic Source: https://github.com/rohansx/cloakpipe/blob/main/challenges.md Illustrates the rules for prefix and containment checks used in entity resolution. It includes conditions for applying bonuses and rejecting matches based on length and structure. ```text "Rishi" is prefix of "Rishikesh" → +0.2 bonus "R. Kumar" contains part of "Rishikesh" → no match (different structure) "Al" is prefix of "Alice" → rejected (len < 4, too short) ``` -------------------------------- ### CloakPipe Resolver Module Implementation Details Source: https://github.com/rohansx/cloakpipe/blob/main/challenges.md Outlines the implementation details for the new entity resolution module in CloakPipe, including its location, dependencies, and configuration additions. It emphasizes minimal new dependencies. ```rust New module: cloakpipe-core/src/resolver.rs Depends on: - strsim crate (Jaro-Winkler, Levenshtein) — tiny, no dependencies - vault (to check existing entries) - detector output (categories) Config additions: [detection.resolver] enabled = true threshold = 0.90 prefix_matching = true min_prefix_len = 4 [[detection.aliases]] group = ["Rishikesh", "Rishi"] ``` -------------------------------- ### Configure CloakPipe Proxy and Detection Settings Source: https://context7.com/rohansx/cloakpipe/llms.txt This TOML configuration file defines the proxy settings, vault parameters, data detection rules, and tree/vector storage for CloakPipe. It allows customization of listening addresses, upstream APIs, encryption, and various data detection sensitivities. ```toml [proxy] listen = "127.0.0.1:3100" upstream = "https://api.openai.com" api_key_env = "OPENAI_API_KEY" timeout_seconds = 120 max_concurrent = 256 mode = "proxy" # "proxy" | "cloaktree" | "cloakvector" [vault] path = "./vault.enc" encryption = "aes-256-gcm" key_env = "CLOAKPIPE_VAULT_KEY" backend = "file" # "file" | "sqlite" [detection] secrets = true # API keys, tokens, passwords financial = true # Currency amounts, percentages dates = true # Dates, fiscal quarters emails = true # Email addresses phone_numbers = true # Phone numbers (including +91 format) ip_addresses = true # IPv4 and IPv6 addresses urls_internal = true # Internal URLs [detection.ner] enabled = true backend = "gliner" # "bert" | "gliner" model = "./models/ner-english-base.onnx" confidence_threshold = 0.85 entity_types = ["PERSON", "ORG", "LOC", "DATE"] [detection.custom] patterns = [ { name = "AADHAAR", pattern = "\\d{4}\\s?\\d{4}\\s?\\d{4}", category = "Custom" }, { name = "PAN", pattern = "[A-Z]{5}\\d{4}[A-Z]", category = "Custom" }, ] [detection.overrides] preserve = ["Google", "Microsoft", "OpenAI"] # Never anonymize these force = ["Project Titan", "internal-api.company.com"] # Always anonymize [tree] enabled = true storage_path = "./trees/" index_model = "gpt-4o" search_model = "gpt-4o" add_node_summaries = true pseudonymize_summaries = true [vectors] encrypt = true # Enable ADCPE encryption [session] enabled = true id_from = "header:x-session-id" # Extract session ID from header ttl_seconds = 3600 # Session expiry [audit] enabled = true log_path = "./audit/" format = "jsonl" retention_days = 90 log_entities = true log_mappings = false # Don't log actual PII values ``` -------------------------------- ### Index Document with CloakTree CLI Source: https://context7.com/rohansx/cloakpipe/llms.txt The CloakTree API, accessed via the command-line interface, enables LLM-driven document search without embedding APIs or vector databases. This command indexes a PDF document, creating a hierarchical tree structure for efficient retrieval. It outputs metadata about the created index. ```bash # Index a document (builds hierarchical tree structure) cloakpipe tree index annual-report-2025.pdf # Tree index created: # ID: doc_a1b2c3d4 # Source: annual-report-2025.pdf # Nodes: 47 # Depth: 4 # Pages: 120 # Saved: ./trees/doc_a1b2c3d4.json ``` -------------------------------- ### Search Document Tree with CloakTree CLI Source: https://context7.com/rohansx/cloakpipe/llms.txt This command uses the CloakTree CLI to search an indexed document tree with a natural language query. It provides reasoning for the search results, confidence score, and identifies matching nodes within the document structure. Requires a pre-indexed tree file. ```bash # Search the tree with natural language cloakpipe tree search --index ./trees/doc_a1b2c3d4.json --query "What was the EBITDA margin in Q3?" # Search results for: What was the EBITDA margin in Q3? # Reasoning: The query asks about EBITDA margin for Q3, found in Financial Highlights section # Confidence: 92% # Matching nodes: # [1.2] EBITDA and Margins (pages 7-8) # Q3 FY25 EBITDA margin was 14.2%, up 180bps YoY... ``` -------------------------------- ### CloakPipe Configuration: Environment Variables Source: https://github.com/rohansx/cloakpipe/blob/main/README.md Lists common environment variables used to configure the CloakPipe proxy server, including settings for port, host, log level, upstream LLM URL, timeout, policy file, and minimum detection confidence. ```bash # Proxy settings CLOAKPIPE_PORT=3100 # Proxy port (default: 3100) CLOAKPIPE_HOST=0.0.0.0 # Bind address (default: 0.0.0.0) CLOAKPIPE_LOG_LEVEL=info # Log level: debug, info, warn, error # LLM provider CLOAKPIPE_UPSTREAM_URL=https://api.openai.com # Default upstream LLM API CLOAKPIPE_TIMEOUT=30 # Request timeout in seconds # Detection CLOAKPIPE_POLICY=policies/dpdp.yaml # Policy file path CLOAKPIPE_MIN_CONFIDENCE=0.8 # Minimum NER confidence threshold (0.0–1.0) ``` -------------------------------- ### Stream LLM Responses with CloakPipe Source: https://context7.com/rohansx/cloakpipe/llms.txt Demonstrates how to perform real-time streaming of LLM completions while maintaining privacy protection. Requires an active CloakPipe client configured for streaming. ```python stream = client.chat.completions.create( model="gpt-4", messages=[ {"role": "user", "content": "Summarize patient records for Aadhaar 2345 6789 0123"} ], stream=True ) for chunk in stream: if chunk.choices[0].delta.content: print(chunk.choices[0].delta.content, end="", flush=True) ``` -------------------------------- ### List Indexed Documents with CloakTree CLI Source: https://context7.com/rohansx/cloakpipe/llms.txt This command uses the CloakTree CLI to list all documents that have been indexed into tree structures. It displays the unique ID assigned to each index and its corresponding source file path, allowing users to manage their indexed documents. ```bash # List all indexed documents cloakpipe tree list # Tree indices (3): # doc_a1b2c3d4 -> annual-report-2025.pdf # doc_e5f6g7h8 -> legal-contract.pdf ``` -------------------------------- ### OpenAI Python SDK Integration with CloakPipe Source: https://github.com/rohansx/cloakpipe/blob/main/README.md Demonstrates how to configure the OpenAI Python SDK to use CloakPipe as a proxy. By changing the base URL, all requests to OpenAI will be routed through CloakPipe for PII detection and masking. ```python from openai import OpenAI # Just change the base URL. That's it. client = OpenAI( base_url="http://localhost:3100/v1", # CloakPipe proxy api_key="sk-your-openai-key" # Your real API key ) response = client.chat.completions.create( model="gpt-4", messages=[ {"role": "user", "content": "Analyze the account for Priya Sharma, PAN BNZPM2501F"} ] ) # CloakPipe detected PAN and person name, masked them, # sent sanitized prompt to OpenAI, and unmasked the response. print(response.choices[0].message.content) ``` -------------------------------- ### Configure Cloakpipe MCP Server Source: https://context7.com/rohansx/cloakpipe/llms.txt Configuration snippet for integrating Cloakpipe as an MCP server within the Claude Desktop environment. ```json { "mcpServers": { "cloakpipe": { "command": "cloakpipe", "args": ["mcp"] } } } ``` -------------------------------- ### Define CloakPipe Environment Variables Source: https://github.com/rohansx/cloakpipe/blob/main/README.md Configuration settings for the vault path, encryption keys, and cloud dashboard integration. ```bash CLOAKPIPE_VAULT_PATH=./vault.db CLOAKPIPE_VAULT_KEY= CLOAKPIPE_CLOUD_TOKEN= ``` -------------------------------- ### User-Defined Alias Groups Configuration (TOML) Source: https://github.com/rohansx/cloakpipe/blob/main/challenges.md Shows how to define custom alias groups in the `cloakpipe.toml` configuration file. This allows enterprises to explicitly map known aliases for entities, overriding fuzzy matching logic. ```toml # In cloakpipe.toml [[detection.aliases]] group = ["Rishikesh Kumar", "Rishi", "Rishi kesh", "R. Kumar"] [[detection.aliases]] group = ["Robert Smith", "Bob Smith", "Bob", "Rob"] ``` -------------------------------- ### ADCPE Vector Encryption and Decryption (Bash) Source: https://context7.com/rohansx/cloakpipe/llms.txt Provides bash commands for managing ADCPE encryption keys, testing distance preservation, and encrypting/decrypting embedding vectors from JSON files. Requires OpenSSL and CloakPipe CLI. ```bash # Generate encryption key export CLOAKPIPE_VECTOR_KEY=$(openssl rand -hex 32) # Test ADCPE distance preservation cloakpipe vector test --dim 1536 # ADCPE Test (dim=1536) # Cosine similarity (original): 0.234567 # Cosine similarity (encrypted): 0.234567 # Distance preserved: YES # Roundtrip max error: 1.23e-15 # Roundtrip exact: YES # Encrypt vectors from file cloakpipe vector encrypt --input embeddings.json --output encrypted.json --dim 1536 # Encrypted 100 vectors (dim=1536) -> encrypted.json # Decrypt vectors cloakpipe vector decrypt --input encrypted.json --output decrypted.json --dim 1536 # Decrypted 100 vectors (dim=1536) -> decrypted.json ``` -------------------------------- ### LangChain Integration with CloakPipe Source: https://github.com/rohansx/cloakpipe/blob/main/README.md Shows how to integrate CloakPipe with LangChain by specifying the CloakPipe proxy URL in the ChatOpenAI configuration. This ensures that prompts sent through LangChain are processed by CloakPipe before reaching the LLM. ```python from langchain_openai import ChatOpenAI llm = ChatOpenAI( model="gpt-4", openai_api_base="http://localhost:3100/v1", # CloakPipe proxy openai_api_key="sk-your-key" ) response = llm.invoke("Summarize patient records for Aadhaar 2345 6789 0123") ``` -------------------------------- ### RAG Pipeline Scanning API Source: https://context7.com/rohansx/cloakpipe/llms.txt Scan and mask PII across entire document directories for RAG ingestion. ```APIDOC ## RAG Pipeline Scanning ### Description Scan and mask PII across entire document directories for RAG ingestion. ### Method CLI Commands ### Endpoints - `cloakpipe scan [--detect-only | --output ] [--strategy ] [--min-confidence ]` ### Parameters #### Path Parameters - **directory** (string) - Required - The directory to scan for documents. - **output_directory** (string) - Optional - The directory to save masked documents and mappings. #### Query Parameters - **detect-only** (boolean) - Optional - If set, only detect PII without masking. - **strategy** (string) - Optional - The PII masking strategy (e.g., `token`, `format-preserving`). Defaults to `token`. - **min-confidence** (float) - Optional - The minimum confidence threshold for PII detection (0.0 to 1.0). ### Request Example ```bash # Scan directory for PII (detect only) cloakpipe scan ./documents/ --detect-only # Scan and mask with token strategy (default) cloakpipe scan ./documents/ --output ./documents-masked/ # Scan with format-preserving strategy cloakpipe scan ./documents/ --output ./documents-fp/ --strategy format-preserving # Filter by confidence threshold cloakpipe scan ./documents/ --detect-only --min-confidence 0.95 ``` ### Response #### Success Response (200) - **Scan Summary** (object) - Summary of the scanning process, including files scanned, PII found, and strategy used. #### Response Example ``` --- Scan Summary --- Files scanned: 47 Files with PII: 32 Total entities: 847 Strategy: token Output dir: ./documents-masked/ Vault mappings: ./documents-masked/vault-mappings.json ``` ``` -------------------------------- ### Deploy CloakPipe with Docker Compose Source: https://context7.com/rohansx/cloakpipe/llms.txt This Docker Compose configuration sets up CloakPipe for production, mapping ports, defining environment variables for API keys and policies, and mounting volumes for persistent storage of vault and audit logs. It also includes a health check for monitoring. ```yaml version: '3.8' services: cloakpipe: image: ghcr.io/cloakpipe/cloakpipe:latest ports: - "3100:3100" environment: - CLOAKPIPE_UPSTREAM_URL=https://api.openai.com - CLOAKPIPE_POLICY=policies/dpdp.yaml - CLOAKPIPE_LOG_LEVEL=info - CLOAKPIPE_VAULT_KEY=${VAULT_KEY} # Set in .env file - OPENAI_API_KEY=${OPENAI_API_KEY} volumes: - cloakpipe-vault:/data/vault - cloakpipe-audit:/data/audit - ./policies:/app/policies:ro restart: unless-stopped healthcheck: test: ["CMD", "curl", "-f", "http://localhost:3100/health"] interval: 30s timeout: 10s retries: 3 volumes: cloakpipe-vault: cloakpipe-audit: ``` -------------------------------- ### Vercel AI SDK Integration with CloakPipe Source: https://github.com/rohansx/cloakpipe/blob/main/README.md Demonstrates how to configure the Vercel AI SDK to use CloakPipe as a proxy for OpenAI models. The `baseURL` option within the model configuration directs traffic through CloakPipe for PII processing. ```typescript import { openai } from '@ai-sdk/openai'; import { generateText } from 'ai'; const result = await generateText({ model: openai('gpt-4', { baseURL: 'http://localhost:3100/v1', // CloakPipe proxy }), prompt: 'Analyze the customer data for Rajesh, Aadhaar 2345 6789 0123', }); ``` -------------------------------- ### Implement Native Detection with Rust Source: https://context7.com/rohansx/cloakpipe/llms.txt Directly utilizes the CloakPipe core detector to identify sensitive entities like emails, financial data, and IP addresses using a configurable detection pipeline. ```rust use cloakpipe_core::{config::DetectionConfig, detector::Detector}; let config = DetectionConfig { secrets: true, financial: true, dates: true, emails: true, phone_numbers: true, ip_addresses: true, ..Default::default() }; let detector = Detector::from_config(&config)?; let text = "Contact john@acme.com about the $1.5M deal."; let entities = detector.detect(text)?; for entity in &entities { println!("{:?}: {}", entity.category, entity.original); } ``` -------------------------------- ### Anthropic SDK Integration with CloakPipe Source: https://github.com/rohansx/cloakpipe/blob/main/README.md Illustrates integrating CloakPipe with the Anthropic SDK. The `base_url` parameter is set to the CloakPipe proxy endpoint, enabling PII handling for Anthropic API calls. ```python from anthropic import Anthropic client = Anthropic( base_url="http://localhost:3100/v1/anthropic", # CloakPipe proxy api_key="sk-ant-your-key" ) message = client.messages.create( model="claude-sonnet-4-20250514", max_tokens=1024, messages=[ {"role": "user", "content": "Review the loan application for Amit Patel, PAN ABCDE1234F"} ] ) ``` -------------------------------- ### Configure Vault Key Storage and Isolation Source: https://github.com/rohansx/cloakpipe/blob/main/docs/TECH.md Provides Rust definitions for key source management and TOML configuration for multi-vault project isolation. ```rust // Key storage options (mutually exclusive) enum KeySource { EnvVar(String), // CLOAKPIPE_VAULT_KEY env var Keyring { service: &str }, // OS keyring (macOS Keychain, Linux Secret Service) Passphrase(String), // Interactive passphrase → Argon2id derivation } ``` ```toml # Per-project or per-tenant vault isolation [vault] path = "./vaults/" # Directory mode: one vault file per project/tenant isolation = "project" # "project" | "tenant" | "single" ``` -------------------------------- ### Verify CloakPipe Masking with cURL Source: https://github.com/rohansx/cloakpipe/blob/main/README.md A cURL command to test the proxy by sending a request containing PII to the chat completions endpoint, demonstrating the detection and masking flow. ```bash curl http://localhost:3100/v1/chat/completions \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $OPENAI_API_KEY" \ -d '{ "model": "gpt-4", "messages": [ {"role": "user", "content": "Summarize the case for Rajesh Singh, Aadhaar 2345 6789 0123, treated at Apollo Hospital Mumbai."} ] }' ```