Secured
API Reference

Types

Key exported TypeScript types from @secured-ai/core.

All public types are exported from the package root:

import type {
  EntityType,
  PrivacyClientConfig,
  PrivacyScanResult,
  TextReview,
  FinalizedTextReview,
  PrivacyVaultConfig,
} from '@secured-ai/core'

Core detection types

EntityType

EntityType is the union of all supported built-in entity kinds, including values such as PERSON, EMAIL, PHONE, SSN, ORG, GPE, LOC, ACCOUNT_NUMBER, CREDIT_CARD_EXPIRY, and CUSTOM.

See Entity Types for the full list.

DetectionSource

type DetectionSource =
  | 'regex-patterns'
  | 'compromise-nlp'
  | 'compromise-regex'
  | 'huggingface'
  | 'gliner'
  | 'custom'

SensitiveEntity

interface SensitiveEntity {
  text: string
  label?: string
  start: number
  end: number
  confidence: number
  type: EntityType
  source?: string
  fileId?: string
  fileName?: string
}

ExtendedSensitiveEntity

interface ExtendedSensitiveEntity extends SensitiveEntity {
  detectionSource: DetectionSource
  detectionMethod?: string
}

PrivacyScanResult

interface PrivacyScanResult {
  entities: ExtendedSensitiveEntity[]
  sensitiveEntities: SensitiveEntity[]
  processingTime: number
  sourceStats: Record<DetectionSource, number>
  isClean: boolean
}

Obfuscation and session types

ObfuscationResult

interface ObfuscationResult {
  processed: string
  sessionId: string
  hasSensitiveData: boolean
}

ObfuscationOptions

interface ObfuscationOptions {
  threadId?: string | null
}

RestorationResult

interface RestorationResult {
  restored: string
  mappingsApplied: number
  success: boolean
}

SessionMapping

interface SessionMapping {
  id: string
  original: string
  replacement: string
  entityType: EntityType
  position: { start: number; end: number }
}

PrivacySession

interface PrivacySession {
  sessionId: string
  mappings: SessionMapping[]
  createdAt: Date
  processedText: string
  originalText: string
}

SerializedPrivacySession

interface SerializedPrivacySession {
  sessionId: string
  mappings: SessionMapping[]
  createdAt: string
  processedText: string
  originalText: string
}

Text review types

TextReviewOccurrence

interface TextReviewOccurrence {
  start: number
  end: number
  text: string
}

TextReviewItem

interface TextReviewItem extends SensitiveEntity {
  id: string
  replacement: string
  defaultReplacement: string
  isRemoved: boolean
  isCustomAdded: boolean
  occurrences: TextReviewOccurrence[]
}

TextReview

interface TextReview {
  originalText: string
  items: TextReviewItem[]
}

FinalizedTextReview

interface FinalizedTextReview {
  processedText: string
  entities: SensitiveEntity[]
  mappings: SessionMapping[]
  sessionId: string
  session: PrivacySession
  serializedSession: SerializedPrivacySession
  hasSensitiveData: boolean
}

Client configuration types

EngineConfig

interface EngineConfig {
  regex?: boolean
  nlp?: boolean
  ml?: boolean
  gliner?: boolean
  custom?: boolean
}

PrivacyClientConfig

interface PrivacyClientConfig {
  baseUrl: string
  sdkAccessToken: string
  engines?: EngineConfig
  confidenceThreshold?: number
  maxProcessingTime?: number
  disableGLiNERChunking?: boolean
  replacementPools?: Partial<Record<EntityType, string[]>>
  debug?: boolean
  onInitProgress?: (event: InitProgressEvent) => void
  vault?: PrivacyVaultConfig
}

baseUrl and sdkAccessToken are required for browser SDK initialization. Create the token in Settings > SDK Access Tokens and restrict it to the browser origins that are allowed to initialize the SDK.

InitProgressEvent

interface InitProgressEvent {
  engine: string
  stage: 'downloading' | 'loading' | 'ready'
  percent: number
}

InitProgress

interface InitProgress {
  overall: number
  engines: Record<string, number>
}

CustomPattern

interface CustomPattern {
  name: string
  pattern: RegExp
  entityType: EntityType
  confidence?: number
}

ReplacementPoolConfig

interface ReplacementPoolConfig {
  [entityType: string]: string[] | undefined
}

Engine implementation types

DetectionResult

interface DetectionResult {
  entities: ExtendedSensitiveEntity[]
  processingTime: number
  source: DetectionSource
}

IDetectionEngine

interface IDetectionEngine {
  initialize(onProgress?: (event: InitProgressEvent) => void): Promise<void>
  detect(text: string): Promise<DetectionResult>
  isReady(): boolean
  getName(): string
}

IEntityValidator

interface IEntityValidator {
  validate(entityType: EntityType, text: string): boolean
}

File types

FileProcessingResult

interface FileProcessingResult {
  entities: ExtendedSensitiveEntity[]
  text: string
  processingTime: number
  fileType: SupportedFileType
}

SupportedFileType

type SupportedFileType = 'pdf' | 'docx' | 'xlsx' | 'csv' | 'txt' | 'json' | 'image'

FileObfuscationOptions

interface FileObfuscationOptions {
  entities?: SensitiveEntity[]
  extractedText?: string
}

Vault types

PrivacyVaultConfig

interface PrivacyVaultConfig {
  repository: VaultRepository
  masterKey: RuntimeValue<string>
  cache?: VaultCache
  cacheNamespace?: RuntimeValue<string>
  crypto?: VaultCrypto
}

VaultEntry

interface VaultEntry {
  original: string
  replacement: string
  type: string
}

EncryptedVaultPayload

interface EncryptedVaultPayload {
  saltB64: string
  ivB64: string
  ciphertextB64: string
}

EncryptedVaultSnapshot

interface EncryptedVaultSnapshot {
  scope: 'global' | 'thread'
  threadId?: string
  version: string
  updatedAt: string
  payload: EncryptedVaultPayload
}

VaultSnapshot

interface VaultSnapshot {
  scope: 'global' | 'thread'
  threadId?: string
  entries: VaultEntry[]
  version: string
  updatedAt: string
}

VaultSnapshotState

interface VaultSnapshotState extends VaultSnapshot {
  fetchedAt: string
  isStale: boolean
}

VaultRepositoryRequestContext

interface VaultRepositoryRequestContext {
  cacheNamespace: string | null
}

VaultRepository

interface VaultRepository {
  getGlobalSnapshot(
    context: VaultRepositoryRequestContext,
  ): Promise<EncryptedVaultSnapshot | null>

  getThreadSnapshot?(
    threadId: string,
    context: VaultRepositoryRequestContext,
  ): Promise<EncryptedVaultSnapshot | null>
}

VaultCrypto

interface VaultCrypto {
  encryptEntries(
    entries: VaultEntry[],
    masterKey: string,
  ): Promise<EncryptedVaultPayload>

  decryptEntries(
    payload: EncryptedVaultPayload,
    masterKey: string,
  ): Promise<VaultEntry[]>
}

VaultCache

interface VaultCache {
  get(key: string): Promise<string | null>
  set(key: string, value: string): Promise<void>
  delete(key: string): Promise<void>
  clear(): Promise<void>
}

RuntimeValue<T>

type RuntimeValue<T> = T | (() => Promise<T | null>)

VaultStatus

interface VaultStatus {
  isEnabled: boolean
  isInitialized: boolean
  activeThreadId: string | null
  cacheNamespace: string | null
  hasGlobalSnapshot: boolean
  isGlobalSnapshotStale: boolean
}

VaultResolveOptions

interface VaultResolveOptions {
  threadId?: string | null
}

deobfuscate()

Standalone function for restoring obfuscated text using serialised session mappings.

Utilities & Adapters

Reference for advanced helper exports such as StringMatcher, vault adapters, repository helpers, and deobfuscation utilities.

On this page

Core detection typesEntityTypeDetectionSourceSensitiveEntityExtendedSensitiveEntityPrivacyScanResultObfuscation and session typesObfuscationResultObfuscationOptionsRestorationResultSessionMappingPrivacySessionSerializedPrivacySessionText review typesTextReviewOccurrenceTextReviewItemTextReviewFinalizedTextReviewClient configuration typesEngineConfigPrivacyClientConfigInitProgressEventInitProgressCustomPatternReplacementPoolConfigEngine implementation typesDetectionResultIDetectionEngineIEntityValidatorFile typesFileProcessingResultSupportedFileTypeFileObfuscationOptionsVault typesPrivacyVaultConfigVaultEntryEncryptedVaultPayloadEncryptedVaultSnapshotVaultSnapshotVaultSnapshotStateVaultRepositoryRequestContextVaultRepositoryVaultCryptoVaultCacheRuntimeValue<T>VaultStatusVaultResolveOptions