PII Redaction
Domscribe automatically scrubs personally identifiable information (PII) and sensitive data before it leaves the browser. This ensures that emails, tokens, credit card numbers, and other sensitive values captured from your component's props and state never reach the relay server or your coding agent.
Enabled by Default
PII redaction is on by default. The runtime option `redactPII` controls this behavior:
- When `redactPII` is `true` (default) -- all captured props and state are scrubbed before being sent to the relay.
- When `redactPII` is `false` -- redaction is skipped. Use this only in trusted environments where you need to inspect raw values.
What Gets Redacted
Domscribe detects and replaces the following patterns with `[REDACTED]`:
Value Patterns
| Pattern | Example |
|---|---|
| Email addresses | user@example.com |
| Phone numbers | +1 (555) 123-4567, 555-123-4567 |
| Credit card numbers | 4111-1111-1111-1111 |
| Social Security Numbers (US) | 123-45-6789 |
| IP addresses | 192.168.1.1 |
| API keys and tokens | Long alphanumeric strings (32+ characters) |
| JWT tokens | eyJhbGciOiJIUzI1NiIs... |
Sensitive Field Names
In addition to pattern-based redaction, Domscribe redacts the entire value of any object field whose name matches a known sensitive key (case-insensitive):
`password`, `passwd`, `pwd`, `secret`, `token`, `apikey`, `api_key`, `authtoken`, `auth_token`, `accesstoken`, `access_token`, `refreshtoken`, `refresh_token`, `privatekey`, `private_key`, `creditcard`, `credit_card`, `cardnumber`, `card_number`, `cvv`, `ssn`, `social_security`
For example, if a component's props include `{ apiKey: "sk-abc123..." }`, the value is replaced with `[REDACTED]` regardless of whether the value itself matches a pattern.
How It Works
Redaction happens in the browser at capture time, inside the `@domscribe/runtime` package:
- When the runtime captures component state (via React fiber walking or Vue VNode inspection), it passes the result through `redactPII()` from `@domscribe/core`.
- `redactPII()` recursively walks the object, applying all built-in regex patterns to string values and replacing matches with `[REDACTED]`.
- `redactSensitiveFields()` checks each object key against the sensitive field name list and replaces matching values entirely.
- The scrubbed data is then sent to the relay and made available to the agent via MCP.
Because redaction happens before data leaves the browser, sensitive values are never transmitted over the network, even on localhost.
Customization
The `redactPII` function uses the `RedactionOptions` interface, which supports:
- Selecting specific patterns -- choose which built-in patterns to apply (e.g., only emails and JWTs).
- Custom patterns -- add your own regex patterns for domain-specific sensitive data.
- Partial preservation -- optionally preserve the last 4 characters of a matched value (e.g., for debugging).
These options are available when calling the redaction functions programmatically from `@domscribe/core`.
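To make the recursive walk described under "How It Works" and the options listed above concrete, here is a small illustrative reimplementation in JavaScript. It is an added example, not the code of `@domscribe/core`: the regexes, the option names (`patterns`, `customPatterns`, `preserveLast`), the `"[Circular]"` marker and the sample props are assumptions constructed for this demo, and the real `RedactionOptions` interface may use different names. It goes slightly beyond the page by guarding against cyclic objects, which matters because captured framework state frequently contains back-references.

```javascript
// Illustrative reimplementation of Domscribe-style PII redaction.
// Added example, NOT the code of @domscribe/core: regexes, option names
// and sample data are assumptions constructed for the demo.

const REDACTED = "[REDACTED]";

// Built-in value patterns. Order matters: JWTs are scrubbed before the
// generic "long alphanumeric" rule so a token is replaced whole, and card
// numbers before phone numbers so their digit groups are never split.
// (Simplified for the example; the library's real patterns may differ.)
const PATTERNS = {
  jwt: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,
  email: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g,
  creditCard: /\b(?:\d[ -]?){13,16}\b/g,
  ssn: /\b\d{3}-\d{2}-\d{4}\b/g,
  phone: /(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b/g,
  ipv4: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g,
  apiKey: /\b[A-Za-z0-9_-]{32,}\b/g,
};

// Field names (compared case-insensitively) whose whole value is dropped,
// whatever the value looks like. List taken from the page above.
const SENSITIVE_KEYS = new Set([
  "password", "passwd", "pwd", "secret", "token", "apikey", "api_key",
  "authtoken", "auth_token", "accesstoken", "access_token", "refreshtoken",
  "refresh_token", "privatekey", "private_key", "creditcard", "credit_card",
  "cardnumber", "card_number", "cvv", "ssn", "social_security",
]);

// Turn options into a flat list of global regexes (assumed option names).
function compilePatterns(opts) {
  const names = opts.patterns || Object.keys(PATTERNS);
  const builtIn = names.map((name) => {
    if (!PATTERNS[name]) throw new Error(`unknown pattern: ${name}`);
    return PATTERNS[name];
  });
  // Custom patterns are forced to the global flag so every occurrence is
  // replaced, not just the first one.
  const custom = (opts.customPatterns || []).map((re) =>
    re.global ? re : new RegExp(re.source, re.flags + "g")
  );
  return [...builtIn, ...custom];
}

// Replace a match, optionally keeping its last N characters for debugging.
function mask(match, preserveLast) {
  if (!preserveLast || match.length <= preserveLast) return REDACTED;
  return REDACTED + match.slice(-preserveLast);
}

function redactString(value, opts) {
  return compilePatterns(opts).reduce(
    (text, re) => text.replace(re, (m) => mask(m, opts.preserveLast)),
    value
  );
}

// Recursively scrub a captured props/state object. Returns a new object;
// the input is never mutated. `inProgress` holds the objects on the current
// descent path so a cyclic reference is cut rather than recursed forever.
function redactPII(value, opts = {}, inProgress = new Set()) {
  if (typeof value === "string") return redactString(value, opts);
  if (value === null || typeof value !== "object") return value;
  if (inProgress.has(value)) return "[Circular]";
  inProgress.add(value);
  let result;
  if (Array.isArray(value)) {
    result = value.map((item) => redactPII(item, opts, inProgress));
  } else {
    result = {};
    for (const [key, child] of Object.entries(value)) {
      result[key] = SENSITIVE_KEYS.has(key.toLowerCase())
        ? REDACTED // field-name rule wins regardless of the value's shape
        : redactPII(child, opts, inProgress);
    }
  }
  inProgress.delete(value);
  return result;
}

// Constructed sample props, shaped like what a runtime might capture.
const sampleProps = {
  user: { email: "jane@example.com", phone: "+1 (555) 123-4567" },
  apiKey: "sk-abc123",
  session: {
    jwt: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.c29tZS1mYWtlLXNpZ25hdHVyZQ",
    count: 3,
  },
  card: "4111-1111-1111-1111",
  note: "ssn 123-45-6789 from 192.168.1.1",
};

console.log(JSON.stringify(redactPII(sampleProps), null, 2));
```

Running the block prints the scrubbed copy: every string that matched a pattern becomes `[REDACTED]`, `apiKey` is dropped by the field-name rule even though `sk-abc123` matches no pattern, and the numeric `count` passes through untouched. Passing `{ patterns: ["email"] }` restricts scrubbing to one built-in, `{ customPatterns: [...] }` adds domain-specific regexes, and `{ preserveLast: 4 }` keeps a short suffix of each match for debugging.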
Related
- Code to UI -- redaction applies to all runtime context sent back to the agent
- UI to Code -- annotation context is also redacted before storage
- Overlay and Picker -- the overlay displays already-redacted data