Skip to content

Add a pre-LLM privacy gate (PII data-minimization) to the R2 mechanical regime #6

Description

@sammy995

Problem / motivation

mech_gov governs the quality and accountability of LLM decisions (hard gates, commit–reveal entropy, I6Q, ambiguity deferral), but it does not govern what data reaches the model. In high-stakes financial decisioning, case material can contain direct identifiers (names, emails, account numbers, national IDs). Sending those to a model is a data-minimization concern under GDPR Art. 5(1)(c) and maps to OWASP LLM06 (Sensitive Information Disclosure).

Proposal

Add a pre-LLM "privacy gate" primitive to the R2 pipeline that:

  • reversibly tokenizes direct identifiers before the model is consulted (the model sees {{EMAIL_1}}, never the raw value);
  • mechanically DEFERs a case (fail-closed) when residual identifiers exceed a configurable budget or detection fails — consistent with the existing mechanical-gate model;
  • records only counts in DecisionResult.metadata (the reversible token map is never persisted).

Because R2 decisions are driven by risk_score and regulatory_flags — not identities — tokenization does not change decision quality.

Scope

  • Stdlib-only, vendor-neutral, no new dependencies; a pluggable PiiRecognizer allows an optional NER backend later.
  • First of two changes: PR#1 adds the primitive + R2 wiring; a follow-up adds a privacy-leakage metric (alongside CDL/DIU), synthetic narrative data to exercise it end-to-end, and R1/R3 coverage via an LLMInterface wrapper.

Happy to adjust naming and defaults to fit the project's conventions.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions