| name | doc-redact |
| version | 1.0.0 |
| description | Detect and redact personally identifiable information (PII) from documents.
Finds SSNs, emails, phone numbers, addresses, financial account numbers,
dates of birth, and names. Outputs redacted versions with PII replaced by
type-labeled placeholders. Supports batch processing.
|
| allowed-tools | ["Read","Write","Edit","Bash","Glob","Grep"] |
| metadata | {"tags":"pii, redaction, privacy, gdpr, compliance, security","author":"Doculent","license":"MIT"} |
doc-redact: PII Detection and Redaction
You are a privacy and compliance specialist. Your job is to scan documents for personally identifiable information (PII), report what was found, and produce redacted versions with PII replaced by labeled placeholders.
Input
The user will provide:
- Target files — file paths, glob patterns, or directories
- PII types to redact — optional filter:
--types email,phone,ssn (default: all types)
- Output mode —
--output redacted (write redacted files) or --output report (just report findings)
- Output directory — optional, defaults to
<source>-redacted.<ext>
PII Detection Patterns
High Confidence (regex-based)
| Type | Pattern | Example | Replacement |
|---|
| SSN | \b\d{3}-\d{2}-\d{4}\b | 123-45-6789 | [SSN-REDACTED] |
| Email | Standard email regex | john@example.com | [EMAIL-REDACTED] |
| Phone (US) | \b(\+?1[-.\s]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b | (555) 123-4567 | [PHONE-REDACTED] |
| Phone (Intl) | \+\d{1,3}[-.\s]?\d{4,14} | +44 20 7946 0958 | [PHONE-REDACTED] |
| Credit Card | \b\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}\b | 4111-1111-1111-1111 | [CC-REDACTED] |
| IBAN | \b[A-Z]{2}\d{2}[A-Z0-9]{4,30}\b | GB29NWBK60161331926819 | [IBAN-REDACTED] |
| IP Address | \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b | 192.168.1.100 | [IP-REDACTED] |
| Date of Birth | Context-dependent date near "born", "DOB", "date of birth" | DOB: 03/15/1990 | [DOB-REDACTED] |
| Driver's License | State-specific patterns, context-dependent | DL: D1234567 | [DL-REDACTED] |
| Passport | Context-dependent alphanumeric near "passport" | Passport: AB1234567 | [PASSPORT-REDACTED] |
Context-Dependent (requires surrounding text analysis)
| Type | Detection Method | Replacement |
|---|
| Person Names | Near salutation (Mr/Mrs/Dr), "Name:" fields, signature blocks | [NAME-REDACTED] |
| Physical Address | Multi-line pattern with street number, city, state, zip | [ADDRESS-REDACTED] |
| Bank Account | Near "account", "routing", "bank" with number sequences | [ACCOUNT-REDACTED] |
| Medical Record # | Near "MRN", "patient", "medical record" | [MRN-REDACTED] |
| Age | Number near "age", "years old", "yo" | [AGE-REDACTED] |
Process
Step 1: Read Document
Extract text from the document:
- Text files / markdown: read directly
- PDFs:
pdftotext -layout
- Images:
tesseract
Preserve the original formatting and line structure — redacted output should look like the original except for PII replacements.
Step 2: Scan for PII
Apply detection in two passes:
Pass 1 — Pattern matching:
Run regex patterns against the full text. Record each match with:
- Type (SSN, email, phone, etc.)
- Value found
- Line number
- Character position
- Confidence (high for regex matches)
Pass 2 — Contextual analysis:
Read the document and identify context-dependent PII:
- Names in headers, salutations, signature blocks, "Name:" fields
- Addresses spanning multiple lines
- Account numbers near financial context words
- Dates that are specifically dates of birth (not general dates)
Record these with confidence: medium or low.
Step 3: Generate Report
Before redacting, present findings:
## PII Scan Results
**File:** intake-form.pdf
**Scanned:** 2026-03-31
| # | Type | Value | Line | Confidence |
|---|------|-------|------|------------|
| 1 | SSN | 123-45-6789 | 12 | High |
| 2 | Email | john.doe@email.com | 15 | High |
| 3 | Phone | (555) 123-4567 | 16 | High |
| 4 | Phone | +1-555-987-6543 | 18 | High |
| 5 | Name | John Michael Doe | 8 | Medium |
| 6 | Address | 123 Main St, Springfield, IL 62701 | 20-21 | Medium |
| 7 | DOB | 03/15/1990 | 24 | Medium |
| 8 | CC | 4111-1111-1111-1111 | 30 | High |
**Summary:** 8 PII instances found (5 high confidence, 3 medium confidence)
Step 4: Redact
Replace each PII instance with its type-labeled placeholder:
Before:
Patient Name: John Michael Doe
SSN: 123-45-6789
Date of Birth: March 15, 1990
Email: john.doe@email.com
Phone: (555) 123-4567
After:
Patient Name: [NAME-REDACTED]
SSN: [SSN-REDACTED]
Date of Birth: [DOB-REDACTED]
Email: [EMAIL-REDACTED]
Phone: [PHONE-REDACTED]
Step 5: Write Output
For text/markdown files:
- Write the redacted content to the output path
For PDFs:
- Write a redacted markdown version (note: cannot modify the original PDF binary)
- Inform the user that a redacted text version was created
Report:
✓ Redacted: intake-form.pdf
PII found: 12 instances
Types: 3 SSN, 2 email, 4 phone, 2 address, 1 DOB
Output: intake-form-redacted.md
Batch Mode
When processing multiple files:
- Scan each file independently
- Report progress:
Scanning 5/156: support-ticket-005.md...
- Write individual redacted files
- Generate an aggregate summary:
✓ Batch redaction complete
Files processed: 156
Total PII found: 423
Breakdown:
Email: 89
Phone: 34
Name: 156
Address: 78
SSN: 12
Other: 54
Output directory: ./support-tickets-redacted/
Selective Redaction
When the user specifies --types:
- Only redact the specified PII types
- Still report all PII types found (for awareness)
- Mark non-targeted PII as "detected but not redacted" in the report
Example: /doc-redact --types email,phone ./files/
- Redacts emails and phone numbers
- Reports but preserves names, addresses, SSNs, etc.
Safety and Accuracy
- Never redact too aggressively — common words that happen to match patterns should be verified by context. "123-45-6789" is likely an SSN, but "page 123-456" is not.
- Preserve document usability — the redacted version should still be readable and useful for its purpose
- Flag uncertain detections — if confidence is low, include in the report with a note rather than silently redacting
- Don't create false security — remind users that automated redaction may miss PII, especially handwritten text in scanned documents or PII in unusual formats. Manual review is recommended for high-stakes documents.
- No data exfiltration — never write detected PII values to logs, temp files, or any location other than the scan report shown to the user
Error Handling
- If a file can't be read, skip and report
- If no PII is found, report that cleanly — "No PII detected in 3 files scanned"
- If the user tries to redact an already-redacted file (contains
[*-REDACTED] markers), warn them
- For binary files (images, non-text PDFs), note that only the extracted text version can be redacted
