Skip to main content

SensitiveDataFilter

一个从跨度字段中编辑敏感信息的SpanOutputProcessor。

🌐 A SpanOutputProcessor that redacts sensitive information from span fields.

构造函数
Direct link to 构造函数

🌐 Constructor

new SensitiveDataFilter(options?: SensitiveDataFilterOptions)

SensitiveDataFilterOptions
Direct link to SensitiveDataFilterOptions

interface SensitiveDataFilterOptions {
  /**
   * List of sensitive field names to redact.
   * Matching is case-insensitive and normalizes separators
   * (api-key, api_key, Api Key → apikey).
   * Defaults include: password, token, secret, key, apikey, auth,
   * authorization, bearer, bearertoken, jwt, credential,
   * clientsecret, privatekey, refresh, ssn.
   */
  sensitiveFields?: string[];

  /**
   * The token used for full redaction.
   * Default: "[REDACTED]"
   */
  redactionToken?: string;

  /**
   * Style of redaction to use:
   * - "full": always replace with redactionToken
   * - "partial": show 3 characters from the start and end, redact the middle
   * Default: "full"
   */
  redactionStyle?: RedactionStyle;
}

RedactionStyle
Direct link to RedactionStyle

type RedactionStyle = "full" | "partial";

方法
Direct link to 方法

🌐 Methods

process
Direct link to process

process(span: AnySpan): AnySpan

通过过滤其关键字段中的敏感数据来处理一个跨度:属性、元数据、输入、输出和错误信息。

🌐 Process a span by filtering sensitive data across its key fields: attributes, metadata, input, output, and errorInfo.

返回: 返回一个敏感值已被屏蔽的新跨度。

shutdown
Direct link to shutdown

async shutdown(): Promise<void>

此处理器无需清理。

🌐 No cleanup needed for this processor.

属性
Direct link to 属性

🌐 Properties

readonly name = 'sensitive-data-filter';

默认敏感字段
Direct link to 默认敏感字段

🌐 Default Sensitive Fields

当未提供自定义字段时:

🌐 When no custom fields are provided:

[
  "password",
  "token",
  "secret",
  "key",
  "apikey",
  "auth",
  "authorization",
  "bearer",
  "bearertoken",
  "jwt",
  "credential",
  "clientsecret",
  "privatekey",
  "refresh",
  "ssn",
];

处理行为
Direct link to 处理行为

🌐 Processing Behavior

字段匹配
Direct link to 字段匹配

🌐 Field Matching

  • 不区分大小写APIKeyapikeyApiKey 都匹配
  • 分隔符无关api-keyapi_keyapiKey 被视为相同
  • 精确匹配:标准化后,字段必须完全匹配
    • token 匹配 tokenTokenTOKEN
    • token 不匹配 promptTokenstokenCount

编辑样式
Direct link to 编辑样式

🌐 Redaction Styles

完全编辑(默认)
Direct link to 完全编辑(默认)

🌐 Full Redaction (default)

所有匹配的值都已被 redactionToken 替换。

🌐 All matched values replaced with redactionToken.

部分编辑
Direct link to 部分编辑

🌐 Partial Redaction

  • 显示前三个和后三个字符
  • 长度 ≤ 6 个字符的值已完全隐藏
  • 非字符串值在部分脱敏之前会被转换为字符串

错误处理
Direct link to 错误处理

🌐 Error Handling

如果过滤字段失败,该字段将被替换为:

🌐 If filtering a field fails, the field is replaced with:

{
  error: {
    processor: "sensitive-data-filter";
  }
}

已处理字段
Direct link to 已处理字段

🌐 Processed Fields

过滤器递归处理:

🌐 The filter recursively processes:

  • span.attributes - 跨度元数据和属性
  • span.metadata - 自定义元数据
  • span.input - 输入数据
  • span.output - 输出数据
  • span.errorInfo - 错误信息

安全处理嵌套对象、数组和循环引用。

🌐 Handles nested objects, arrays, and circular references safely.

目录