1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
//! The shipped scanner set: [`pii::PiiScanner`] and [`secrets::SecretScanner`],
//! plus the shared [`restore::RestoreScanner`] that rehydrates `RoundTrip`
//! redactions on the output path; and the pattern scanners
//! ([`regex::RegexScanner`], [`ban_substrings::BanSubstringsScanner`],
//! [`ban_topics::BanTopicsScanner`], [`token_limit::TokenLimitScanner`]).
//!
//! The detect-and-redact scanners (PII, secrets, regex, redacting ban-substrings)
//! share one machinery (collect spans → resolve overlaps → intern into the vault
//! → rewrite span-by-span). They differ only in their detectors and their
//! [`RestorePolicy`](crate::RestorePolicy): PII is `RoundTrip` (a `RestoreScanner`
//! restores it on output), secrets are `OneWay` (nothing restores them), and the
//! regex scanner is configurable. That policy difference — not the data type — is
//! the whole point of the two-tier design. The block-only scanners (ban-topics,
//! token-limit, blocking ban-substrings) reject rather than rewrite.
//!
//! With the `prompt-injection` feature, [`prompt_injection::PromptInjectionScanner`]
//! adds an ML block-only scanner: a DeBERTa-v3 classifier that scores
//! `P(injection)` and rejects an injection before any model forward.
pub use BanSubstringsScanner;
pub use ;
pub use PiiScanner;
pub use ;
pub use ;
pub use RestoreScanner;
pub use SecretScanner;
pub use TokenLimitScanner;