Skip to main content
This section provides detailed documentation for all Rehydra exports.

Core Functions

createAnonymizer

Create a reusable anonymizer instance with configuration

anonymize

Anonymize text and get the result with encrypted PII map

rehydrate

Restore original values from anonymized text

Storage

Storage Providers

SQLite, IndexedDB, and in-memory storage

Sessions

Session-based PII map persistence

Streaming & Proxy

Streaming

Stream-based anonymization for chunked text (Node.js/Bun)

LLM Proxy

Proxy middleware for OpenAI and Anthropic (Node.js/Bun)

Utilities

Crypto

Encryption, key management, and utilities

Model Management

Download, cache, and manage NER models

Quick Reference

Main Entry Points

import { 
  // Factory function
  createAnonymizer,
  
  // Convenience functions
  anonymize,
  anonymizeRegexOnly,
  anonymizeWithNER,
  
  // Rehydration
  rehydrate,
  decryptPIIMap,
  
  // Key providers
  InMemoryKeyProvider,
  ConfigKeyProvider,
  
  // Storage providers
  InMemoryPIIStorageProvider,
  SQLitePIIStorageProvider,      // Node.js only
  IndexedDBPIIStorageProvider,   // Browser only

  // Types
  PIIType,
  type AnonymizationResult,
  type AnonymizationPolicy,
} from 'rehydra';

// Streaming (Node.js/Bun only)
import { createAnonymizerStream } from 'rehydra/streaming';

// LLM Proxy (Node.js/Bun only)
import { wrapLLMClient, createRehydraFetch, createRehydraProxy } from 'rehydra/proxy';

Result Structure

interface AnonymizationResult {
  // Text with PII replaced
  anonymizedText: string;
  
  // Detected entities (without originals)
  entities: Array<{
    type: PIIType;
    id: number;
    start: number;
    end: number;
    confidence: number;
    source: 'REGEX' | 'NER' | 'HYBRID';
    semantic?: { gender?: string; scope?: string; title?: string };
  }>;

  // Encrypted PII map (undefined in 'anonymize' mode)
  piiMap?: {
    ciphertext: string;
    iv: string;
    authTag: string;
  };
  
  // Statistics
  stats: {
    countsByType: Record<PIIType, number>;
    totalEntities: number;
    processingTimeMs: number;
    modelVersion: string;
    leakScanPassed?: boolean;
  };
}

Configuration

interface AnonymizerConfig {
  // Anonymization mode
  mode?: 'pseudonymize' | 'anonymize';  // default: 'pseudonymize'
  // 'pseudonymize': reversible — returns encrypted piiMap for rehydration
  // 'anonymize': irreversible — no piiMap returned, PII is permanently removed

  // NER model configuration
  ner?: {
    mode: 'disabled' | 'quantized' | 'standard' | 'custom';
    modelPath?: string;
    vocabPath?: string;
    autoDownload?: boolean;
    thresholds?: Partial<Record<PIIType, number>>;
    onStatus?: (status: string) => void;
    onDownloadProgress?: (progress: DownloadProgress) => void;
    // Case-insensitive fallback for lowercase names
    caseFallback?: boolean;              // default: false
    caseFallbackPenalty?: number;        // default: 0.85
    // Inference backend
    backend?: 'local' | 'inference-server';  // default: 'local'
    inferenceServerUrl?: string;   // required if backend='inference-server'
    inferenceServerTimeout?: number;  // default: 30000
  };

  // Semantic enrichment
  semantic?: {
    enabled: boolean;
    autoDownload?: boolean;
    onStatus?: (status: string) => void;
    onDownloadProgress?: (progress: DownloadProgress) => void;
  };

  // Encryption key provider
  keyProvider?: KeyProvider;

  // Storage for sessions
  piiStorageProvider?: PIIStorageProvider;

  // Default anonymization policy
  defaultPolicy?: AnonymizationPolicy;

  // Secrets/credentials detection
  secrets?: {
    enabled: boolean;
    envFiles?: string[];
    secretKeyPatterns?: RegExp[];
    minValueLength?: number;        // default: 4
  };

  // Validation warning callback (silent if omitted)
  onValidationWarning?: (warnings: Array<{ code: string; message: string }>) => void;
}

Policy Options

interface AnonymizationPolicy {
  // Types to detect
  enabledTypes: Set<PIIType>;
  regexEnabledTypes: Set<PIIType>;
  nerEnabledTypes: Set<PIIType>;
  
  // Confidence thresholds
  confidenceThresholds: Map<PIIType, number>;
  
  // Type priority for overlaps
  typePriority: PIIType[];
  
  // Custom ID patterns
  customIdPatterns: CustomIdPattern[];

  // Allowlist (never anonymize these terms)
  allowlistTerms: Set<string>;

  // Denylist (always anonymize matches)
  denylistPatterns: RegExp[];

  // ID reuse for repeated values
  reuseIdsForRepeatedPII: boolean;
  
  // Validation
  enableLeakScan: boolean;
  
  // Semantic attributes
  enableSemanticMasking: boolean;
}