Secured
API Reference

PrivacyClient

Full API reference for the PrivacyClient class.

PrivacyClient is the main class in @secured-ai/core. It coordinates detection engines, sessions, file processing, text review, and the optional vault subsystem.

import { PrivacyClient } from '@secured-ai/core'

Constructor

new PrivacyClient(config?: PrivacyClientConfig)

PrivacyClientConfig

interface PrivacyClientConfig {
  baseUrl: string
  sdkAccessToken: string
  engines?: {
    regex?: boolean
    nlp?: boolean
    ml?: boolean
    gliner?: boolean
    custom?: boolean
  }
  confidenceThreshold?: number
  maxProcessingTime?: number
  disableGLiNERChunking?: boolean
  replacementPools?: Partial<Record<EntityType, string[]>>
  debug?: boolean
  onInitProgress?: (event: InitProgressEvent) => void
  vault?: PrivacyVaultConfig
}
OptionTypeDefaultDescription
baseUrlstringrequired in browserSecured API base URL used to verify the SDK access token and bind backend-backed repositories
sdkAccessTokenstringrequired in browserOrigin-restricted SDK access token created in the Secured platform
engines.regexbooleantrueStructured regex detection
engines.nlpbooleantruecompromise-based detection
engines.mlbooleanfalseHuggingFace semantic detection
engines.glinerbooleanfalseGLiNER semantic detection
engines.custombooleantrueuser-registered regex patterns
confidenceThresholdnumber0.8Minimum confidence to return
maxProcessingTimenumber30000Per-engine timeout in milliseconds
disableGLiNERChunkingbooleanfalseRuns GLiNER once against the full input instead of splitting long text into semantic chunks
replacementPoolsobject{}Custom replacement values by entity type
debugbooleanfalseEnables debug logging
onInitProgressfunctionundefinedCalled during slow-engine initialization
vaultPrivacyVaultConfigundefinedEnables the vault subsystem
const client = new PrivacyClient({
  baseUrl: 'https://dev-api.securedai.com',
  sdkAccessToken: import.meta.env.VITE_SECURED_SDK_ACCESS_TOKEN,
  engines: {
    regex: true,
    nlp: true,
    ml: false,
    gliner: false,
    custom: true,
  },
  confidenceThreshold: 0.85,
  maxProcessingTime: 15000,
  replacementPools: {
    PERSON: ['Alex Taylor', 'Jordan Lee'],
  },
  debug: true,
})

Create an SDK access token in Settings > SDK Access Tokens before using the browser SDK. initialize() verifies the token against the current browser origin before starting engines or backend-backed vault setup. See SDK Access Tokens.

Lifecycle and status

initialize()

initialize(): Promise<void>

Initializes the configured engines and the vault subsystem. Fast engines initialize first. Slow engines like HuggingFace and GLiNER may continue warming in the background.

In browser environments, initialize() first verifies sdkAccessToken against baseUrl and the current request origin. If the token is missing, invalid, revoked, or the origin is not allowed, initialization rejects before loading engines.

getInitProgress()

getInitProgress(): InitProgress

Returns per-engine and overall initialization progress.

clearModelCache()

clearModelCache(): void

Clears cached semantic model state, resets readiness, and forces a future re-initialization.

isReady

get isReady(): boolean

true when at least one configured engine is ready.

isFullyReady

get isFullyReady(): boolean

true when every configured engine is ready.

readyEngines

get readyEngines(): string[]

Returns the concrete engine names currently available.

Text detection and obfuscation

detect()

detect(text: string): Promise<PrivacyScanResult>

Runs all currently ready engines, merges entities, filters by confidence, and returns both entities and sensitiveEntities.

obfuscate()

obfuscate(text: string, options?: ObfuscationOptions): Promise<ObfuscationResult>

Detects sensitive entities, resolves replacements through the vault and replacement pools, creates a session, and returns the processed text.

interface ObfuscationOptions {
  threadId?: string | null
}

Pass threadId to scope replacement reuse even if you are not calling setThreadContext() globally.

restore()

restore(text: string, sessionId: string): Promise<RestorationResult>

Restores original values using a previously created session.

Text review workflow

createTextReview()

createTextReview(
  text: string,
  entities: SensitiveEntity[],
  resolveReplacement?: (entity: SensitiveEntity) => string,
): TextReview

Creates a grouped review model from detected entities.

setTextReviewReplacement()

setTextReviewReplacement(
  review: TextReview,
  itemId: string,
  replacement: string,
): TextReview

removeTextReviewItem()

removeTextReviewItem(review: TextReview, itemId: string): TextReview

restoreTextReviewItem()

restoreTextReviewItem(review: TextReview, itemId: string): TextReview

addTextReviewEntity()

addTextReviewEntity(
  review: TextReview,
  entity: SensitiveEntity,
  replacement: string,
): TextReview

previewTextReview()

previewTextReview(
  review: TextReview,
): Omit<FinalizedTextReview, 'sessionId' | 'session' | 'serializedSession'>

Returns a processed-text preview without persisting a session.

finalizeTextReview()

finalizeTextReview(review: TextReview): FinalizedTextReview

Creates the processed text, mappings, and a persisted session in one step.

createSessionFromMappings()

createSessionFromMappings(
  originalText: string,
  processedText: string,
  mappings: SessionMapping[],
): PrivacySession

Creates a session explicitly from a known mapping set.

File processing

detectInFile()

detectInFile(file: File): Promise<FileProcessingResult>

Extracts text and scans supported files such as PDF, DOCX, XLSX, CSV, TXT, JSON, and images.

obfuscateFile()

obfuscateFile(
  file: File,
  entitiesOrOptions?: SensitiveEntity[] | FileObfuscationOptions,
): Promise<Blob>

FileObfuscationOptions supports:

interface FileObfuscationOptions {
  entities?: SensitiveEntity[]
  extractedText?: string
}

Use entities to reuse a reviewed entity list, or extractedText to skip a second extraction pass when your UI already has the source text.

Sessions

getSession()

getSession(sessionId: string): PrivacySession | undefined

exportSession()

exportSession(sessionId: string): SerializedPrivacySession | undefined

Exports a session into a JSON-safe representation.

importSession()

importSession(session: PrivacySession | SerializedPrivacySession): PrivacySession

Hydrates a session into the current client instance.

getSessions()

getSessions(): PrivacySession[]

clearSession()

clearSession(sessionId: string): void

clearAllSessions()

clearAllSessions(): void

Custom patterns

addPattern()

addPattern(pattern: CustomPattern): void

removePattern()

removePattern(name: string): boolean

Vault integration

vault

get vault(): VaultManager

Gives direct access to the configured vault manager.

setThreadContext()

setThreadContext(threadId: string | null): Promise<void>

Sets the active thread for vault-backed replacement reuse.

refreshVaultContext()

refreshVaultContext(): Promise<void>

Re-resolves runtime vault inputs like masterKey and cacheNamespace.

clearVaultCache()

clearVaultCache(): Promise<void>

Clears the vault cache and in-memory snapshot state.

Entity Types

Reference table of all 44 EntityType values supported by @secured-ai/core.

deobfuscate()

Standalone function for restoring obfuscated text using serialised session mappings.

On this page

ConstructorPrivacyClientConfigLifecycle and statusinitialize()getInitProgress()clearModelCache()isReadyisFullyReadyreadyEnginesText detection and obfuscationdetect()obfuscate()restore()Text review workflowcreateTextReview()setTextReviewReplacement()removeTextReviewItem()restoreTextReviewItem()addTextReviewEntity()previewTextReview()finalizeTextReview()createSessionFromMappings()File processingdetectInFile()obfuscateFile()SessionsgetSession()exportSession()importSession()getSessions()clearSession()clearAllSessions()Custom patternsaddPattern()removePattern()Vault integrationvaultsetThreadContext()refreshVaultContext()clearVaultCache()