A community-driven registry for the Claude Code ecosystem. Not affiliated with Anthropic.
Are you the author? Sign in to claim
trustboost-api
A precision PII redaction layer for autonomous AI agent pipelines. Detects and redacts personally identifiable information before it reaches LLM providers, across English, Spanish (LATAM), Portuguese (BR/PT), German, Japanese, French, Italian, and Korean.
https://api.trustboost.dev/sanitizegpt-4o-mini (temperature 0) · Supabase · Solana payments via HeliusTry TrustBoost instantly in your browser: 👉 https://huggingface.co/spaces/TrustBoost/pii-sanitizer
curl -X POST https://api.trustboost.dev/sanitize/preview \
-H "Content-Type: application/json" \
-d '{"text": "My name is John Doe, email john@gmail.com, SSN 123-45-6789"}'
{
"sanitized_content": "My name is [REDACTED], email [REDACTED], SSN [REDACTED]",
"safety_score": 0.6,
"risk_category": "PRIVATE",
"demo": true,
"requests_remaining": 2,
"next": "https://github.com/teodorofodocrispin-cmyk/TrustBoost-PII-Sanitizer#trial"
}
3 free previews per IP · no account · no wallet · no setup. Ready for more? See Trial mode below — 50 free sanitizations with a Solana wallet.
TrustBoost is available as an MCP (Model Context Protocol) server. Add it to any MCP-compatible agent in one line:
{
"mcpServers": {
"trustboost": {
"url": "https://api.trustboost.dev/mcp"
}
}
}
Once connected, your agent can call sanitize_pii automatically
before sending any text to an LLM:
# Manifest
curl https://api.trustboost.dev/mcp
# Execute
curl -X POST https://api.trustboost.dev/mcp \
-H "Content-Type: application/json" \
-d '{"tool": "sanitize_pii", "input": {"text": "My email is john@gmail.com"}}'
Compatible with: Claude Code · Cursor · Windsurf · Any MCP-compatible agent
curl -X POST https://api.trustboost.dev/sanitize \
-H 'Content-Type: application/json' \
-d '{
"text": "My email is jane@example.com and my AWS key is AKIAIOSFODNN7EXAMPLE",
"tx_hash": "TRIAL",
"wallet_address": "your-agent-id"
}'
Trial mode (tx_hash="TRIAL") gives 50 free sanitizations per wallet_address.
Paid mode requires 149 USDC on Solana to the configured payment wallet, which
unlocks 10,000 sanitizations per transaction signature.
{
"status": "success",
"request_id": "TRIAL",
"data": {
"message": "Content successfully sanitized and logged.",
"sanitized_content": "My email is [REDACTED] and my AWS key is [REDACTED]",
"safety_score": 0.6,
"risk_category": "CRITICAL",
"entities_removed": true,
"entities": [
{ "type": "email", "category": "PRIVATE", "redacted_text": "jane@example.com" },
{ "type": "aws_access_key", "category": "CRITICAL", "redacted_text": "AKIAIOSFODNN7EXAMPLE" }
],
"redaction_source": "server",
"timestamp": "2026-05-03T23:48:14.500705+00:00",
"usage_metrics": { "quota_remaining": 48, "quota_limit": 50 }
},
"billing": { "license_type": "TRIAL", "status": "active" }
}
| Field | Type | Notes |
|---|---|---|
sanitized_content | string | Same language and structure as input, with PII replaced by [REDACTED]. |
entities | Entity[] | One element per [REDACTED] tag. Stable, machine-friendly. |
safety_score | float 0.0 – 1.0 | Server-side, deterministic. Computed from entities, not the model. |
risk_category | CRITICAL/PRIVATE/SENSITIVE/CLEAN | Highest tier present in entities. |
entities_removed | bool | Convenience: true iff entities is non-empty. |
redaction_source | "model" | "server" | "fallback_full_redaction" | Telemetry: who actually performed the redaction (see below). |
unmatched_entities | Entity[] (optional) | Entities the model reported but whose redacted_text wasn't found verbatim in the input. Omitted when empty. |
safety_score is the sum of per-entity weights, capped at 1.0:
CRITICAL → 0.40 (API keys, private keys, seed phrases, credentials, card numbers, …)PRIVATE → 0.20 (emails, phone numbers, national IDs, addresses, names, …)SENSITIVE→ 0.05 (handles, partial identifiers, DOB, …)risk_category is the highest-severity tier with at least one entity, or
"CLEAN" if entities is empty.
The model returns two things that have to agree: cleaned_text and
entities. In practice they sometimes disagree — the model can correctly
identify an entity in entities but fail to actually replace it in
cleaned_text. That produces a sanitized_content that still leaks PII
while the audit trail says everything is fine, which is worse than no audit
trail.
v2.2 fixes this structurally. The model is now treated purely as a
detector: it returns the entity list. The server is the redactor: for
every entity whose redacted_text is a non-empty substring of the original
input, the server replaces all occurrences with [REDACTED]. Long
entities are processed before short ones to avoid partial overlap.
Conservative redaction by design: if the same value (e.g. 田中太郎)
appears twice in the input, both occurrences are scrubbed.
The redaction_source field tells you what happened:
"model" — the model's cleaned_text already matched the entity list,
so server-side enforcement was a no-op (the model did its job)."server" — the server-side enforcer replaced one or more entities the
model failed to remove. Track this metric over time as a model-reliability
signal: a rising server rate means the prompt or model is drifting."fallback_full_redaction" — the model returned malformed JSON; the
failsafe parser triggered and the entire input was redacted as a single
CRITICAL entity. Should be near-zero in steady state.When the model's redacted_text does not appear verbatim in the input
(paraphrasing, normalization, or hallucination), the entity is preserved in
entities (and counts toward safety_score) but is also returned in
unmatched_entities so callers can audit it.
If the upstream model returns malformed JSON, the response degrades to a
single CRITICAL entity covering the entire input rather than risking a
silent leak. Over-redaction is always preferred over under-redaction.
The system prompt covers, among others:
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
cp .env.example .env # then fill in real keys
uvicorn main:app --reload
Required environment variables:
OPENAI_API_KEYSUPABASE_URL, SUPABASE_KEYHELIUS_API_KEY, PAYMENT_WALLETTRIAL_QUOTA (default 50), PAID_QUOTA (default 10000), REQUIRED_PAYMENT_USDC (default 149)pip install pytest
python -m pytest tests/test_sanitize.py -v # unit tests, no creds needed
TRUSTBOOST_LIVE=1 python -m pytest tests/test_live.py -v # hits real /sanitize
The live tests consume TRIAL quota; set TRUSTBOOST_WALLET to a CI-specific
identifier so they don't share quota with developer wallets.
/verify/{anchor_tx}. x402 native — HTTP 402 with autonomous payment instructions. CORS for browser agents. agent-card.json for Circle Agent Stack discovery.redaction_source telemetry, unmatched_entities audit field.context field in /sanitize (legal/financial/medical/code/general). Adjusts sanitization depth per context type. Adds context_applied to response.agent_budgets table in Supabase. Operators configure daily limits once, agents operate autonomously within them./score/{wallet} endpoint. M2M trust verification with trust tier (TRUSTED/VERIFIED/ACTIVE/NEW). Aggregated from audit_log./verify/{anchor_tx}. Returns proof_of_sanitization object with Solscan link.entities array, server-side deterministic scoring, hardened JSON parsing, improved Japanese 氏名 detection.Run Claude Code as an MCP server so any agent can delegate coding tasks to it
Browser automation using accessibility snapshots instead of screenshots
English-first Korean equity intelligence MCP — DART filings, foreign-holder 5%-rule flows, activist filings, KRX news. F
Unity MCP acts as a bridge between AI assistants and your Unity Editor. Give your LLM tools to manage assets, control sc
