Architecture

How AI Privacy Gateway works.

Data Flow

User Request


┌─────────────────────────────────┐
│  AI Privacy Gateway (:9999)     │
│                                 │
│  ┌───────────┐  ┌────────────┐ │
│  │ Detection │──│ Vault DB   │ │
│  │ Engine    │  │  SQLite    │ │
│  └─────┬─────┘  └────────────┘ │
│        │                        │
│  ┌─────▼─────┐                  │
│  │  Proxy    │                  │
│  │  HTTP/SSE │                  │
│  └─────┬─────┘                  │
└────────┼────────────────────────┘


    ┌─────────┐
    │ AI API  │  (DeepSeek/Claude/ChatGPT)
    └─────────┘

Request Processing

1. Receive request → extract messages.content
2. Detect sensitive info → regex + AC automaton (Rust PyO3)
3. Create placeholders → write to vault DB
4. Forward masked request → upstream AI API
5. Receive response → restore placeholders
6. Return original response → user is unaware

SSE Streaming

Special handling for stream mode:

Detection Engine

The gateway uses Python-based regex + NER dual-engine for sensitive data detection:

Data Security