A local tool masks private details before using cloud AI
vault-engine is a Python tool that changes names, companies, places, email addresses, and other identifying details before sensitive text is sent to a cloud AI model. Detection runs on the user’s own computer by default, using a local LLM plus regex checks, so only the cleaned text needs to go to ChatGPT, Claude, Gemini, or another . When the replies with tokens still in the text, the user can restore the real details locally with a file.
The project emphasizes English and Chinese text, especially Chinese names and . In a small synthetic benchmark with 77 identities across 15 bilingual documents, vault-engine reports 100% detection, compared with 61% for Microsoft Presidio and 13% for regex-only checks. The benchmark is only a small test set, not proof of legal anonymization or complete privacy.
Installation is available through pip, with Ollama and a model such as qwen3.6:27b for the default ; without a model, it can still handle fixed patterns such as emails, phone numbers, IDs, cards, and URLs. It offers balanced, max, and light policies, and warns that the file must stay local because it is what links tokens back to real identities.
Key points
- Private details are replaced with tokens before text is sent to a cloud AI model.
- The file restores the real details and must stay on the user’s own machine.
- A local LLM is used to catch names, , places, and other clues that simple regex checks can miss.
- A small synthetic benchmark reports 100% detection for vault-engine, 61% for Microsoft Presidio, and 13% for regex-only checks.
- It is not legal anonymization, so high-risk material still needs .