https://github.com/maya-data-privacy/ai-safe-plugin
Real-time PII detection and redaction for AI chat interfaces.
https://github.com/maya-data-privacy/ai-safe-plugin
chatgpt chrome-extension claude gemini gliner llm ner pii-detection pii-redaction security security-tools
Last synced: 13 days ago
JSON representation
Real-time PII detection and redaction for AI chat interfaces.
- Host: GitHub
- URL: https://github.com/maya-data-privacy/ai-safe-plugin
- Owner: MAYA-DATA-PRIVACY
- License: mit
- Created: 2026-02-21T13:03:25.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2026-06-21T10:30:54.000Z (15 days ago)
- Last Synced: 2026-06-21T12:15:24.807Z (15 days ago)
- Topics: chatgpt, chrome-extension, claude, gemini, gliner, llm, ner, pii-detection, pii-redaction, security, security-tools
- Language: JavaScript
- Homepage: https://maya-data-privacy.github.io/Veil/
- Size: 6.59 MB
- Stars: 3
- Watchers: 0
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: docs/CONTRIBUTING.md
- License: LICENSE
- Security: docs/SECURITY.md
Awesome Lists containing this project
README

**MAYA AISafe Plugin — real-time PII detection and redaction for AI chat interfaces.**
Local detection by default, with optional Maya anonymisation when you enable it.
[](https://github.com/Maya-Data-Privacy/AI-Safe-Plugin/actions/workflows/ci.yml)
[](LICENSE)
[](https://chrome.google.com/webstore)
[](https://github.com/fastino-ai/GLiNER2)
[](https://github.com/Maya-Data-Privacy/AI-Safe-Plugin/releases)
[](docs/CONTRIBUTING.md)
[](https://github.com/Maya-Data-Privacy/AI-Safe-Plugin/stargazers)
[Website](https://maya-data-privacy.github.io/AI-Safe-Plugin/) · [Install Guide](https://maya-data-privacy.github.io/AI-Safe-Plugin/install) · [Changelog](CHANGELOG.md) · [Report a Bug](https://github.com/Maya-Data-Privacy/AI-Safe-Plugin/issues/new?template=bug_report.md) · [Request a Feature](https://github.com/Maya-Data-Privacy/AI-Safe-Plugin/issues/new?template=feature_request.md)
---
## The Problem
Every time you type a name, email, phone number, or credit card into ChatGPT, Claude, Gemini, or any other AI assistant, that data can leave your browser and land on somebody else's server. It may be logged. It might get used for training. You have no way to get it back.
Most people don't even think about it until it's too late.
## What MAYA AISafe Plugin Does
MAYA AISafe Plugin sits between you and the AI. It watches what you type, spots sensitive information in real time, and gives you a chance to mask it before it gets sent. Names become `[PERSON]`. Emails become `[EMAIL REDACTED]`. Credit card numbers can be replaced before they leave your browser.
Detection runs on your own machine by default using a local NLP model called [GLiNER2](https://github.com/fastino-ai/GLiNER2), plus local regex rules. MAYA AISafe Plugin also has an optional Maya anonymisation mode for realistic replacements; when enabled, selected anonymisation payloads are sent to Maya through MAYA AISafe Plugin's local proxy.
```
You type: "Hey, my name is John Smith and my SSN is 123-45-6789"
|
MAYA AISafe Plugin intercepts
|
AI receives: "Hey, my name is [PERSON] and my SSN is [SSN REDACTED]"
```
## Key Features
- **Local detection by default** - GLiNER2 ONNX model runs on localhost. Detection does not require cloud calls and works offline after initial setup.
- **Inline highlights** - Grammarly-style underlining shows exactly what MAYA AISafe Plugin found. One click to redact, one click to dismiss.
- **Works everywhere** - ChatGPT, Claude, Gemini, Perplexity, Notion, and any other site with text inputs or contentEditable fields.
- **Regex fallback** - Built-in patterns catch API keys, JWTs, AWS credentials, SSNs, and more. Works instantly even without the local model.
- **Custom patterns** - Add your own regex rules for internal IDs, project codes, or anything specific to your workflow.
- **Keyboard shortcuts** - Use `Alt+Shift+R` to redact all detections in the focused field and `Alt+Shift+V` to pause or resume MAYA AISafe Plugin on the current site.
- **Adjustable sensitivity** - Low, Medium, or High detection thresholds depending on how aggressive you want the scanning to be.
- **One-command install** - Single curl/PowerShell command sets up the local server, downloads the model, registers autostart, and you're done.
- **Cross-platform** - Linux (systemd), macOS (launchd), and Windows (Task Scheduler) autostart out of the box.
## What It Detects
**Via the GLiNER2 model:** Person names, email addresses, phone numbers, physical addresses, social security numbers, credit card numbers, dates of birth, locations, and organizations.
**Via regex patterns:** OpenAI/AWS/GitHub/Stripe/Twilio API keys, JWTs, IPv4/IPv6 addresses, MAC addresses, Indian PAN/Aadhaar/IFSC numbers, passport numbers, connection strings, private keys, and any custom pattern you define.
For the full, categorized breakdown of everything the product does, see [docs/FEATURES.md](docs/FEATURES.md).
---
## Getting Started
### 1. Install the Extension
Download the latest `ai-safe-plugin-extension-*.zip` from [Releases](https://github.com/Maya-Data-Privacy/AI-Safe-Plugin/releases), extract it, then:
1. Open Chrome and go to `chrome://extensions`
2. Turn on **Developer mode** (top right)
3. Click **Load unpacked** and select the extracted folder
4. If you previously loaded an older unpacked build, reload the extension once so Chrome uses MAYA AISafe Plugin's fixed extension ID.
### 2. Install the Local Server
The server handles PII detection using the GLiNER2 model. One command does everything: downloads the server, sets up the Python runtime, downloads the model, registers autostart, and starts the server.
**Linux / macOS:**
```bash
curl -fsSL https://github.com/Maya-Data-Privacy/AI-Safe-Plugin/releases/latest/download/install.sh | bash
```
**Windows** (PowerShell as Administrator):
```powershell
irm https://github.com/Maya-Data-Privacy/AI-Safe-Plugin/releases/latest/download/install.ps1 | iex
```
That's it. The server starts immediately and will auto-launch on every login. Advanced/custom builds can still pass an explicit extension ID with `--extension-id` or `-ExtensionId`; ordinary releases use the pinned ID `aggkonihfabdcbgomkfecjhdolddfabe`. Open any AI chatbot and start typing - MAYA AISafe Plugin is watching.
### 3. Verify It Works
Click the MAYA AISafe Plugin icon in your browser toolbar. You should see:
- A green status dot indicating the local server is online
- "Local GLiNER2 is online" in the status area
Type something like "My name is John Smith and my email is john@example.com" into any AI chat. MAYA AISafe Plugin should highlight the name and email within a second or two.
---
## How It Works Under the Hood
```
Browser Tab (chatgpt.com, claude.ai, etc.)
|
v
content.js ---- monitors input fields ----> background.js (service worker)
| |
| highlights + redaction UI v
|<----------------------------- GLiNER2 ONNX server (127.0.0.1:8765)
| via native_host.py (Chrome native messaging)
v
User sees inline highlights. One-click redaction replaces PII before submission.
```
1. **content.js** watches every text input and contentEditable field on the page. When you type, it debounces and sends the text to the background service worker.
2. **background.js** forwards the text to the local GLiNER2 server over `localhost:8765` (via Chrome's native messaging bridge for reliability).
3. The **GLiNER2 server** runs the ONNX model, finds entities, and returns detection results with positions and confidence scores.
4. **content.js** renders inline highlights over the detected spans. You can dismiss false positives or accept redactions with a single click.
Local detection happens on your machine. The extension's manifest includes a strict Content Security Policy (`script-src 'self'; object-src 'none'`) and no remote code is ever loaded or executed.
### Data Flow and Retention
- **Detection text**: sent from the active tab to the extension background worker, then to the local MAYA AISafe Plugin server on `127.0.0.1:8765` for GLiNER2 inference. This detection path is local by default.
- **Optional anonymisation**: when Anonymize mode is enabled and a Maya API key is configured, selected detected values are sent to Maya through the local `/anonymize` proxy so Maya can return realistic replacements. Maya company policy says Maya does not store PII that runs through its anonymisation engine.
- **Browser-local storage**: settings, custom regex patterns, Maya API key, local server URL override, onboarding/preferences, site redaction counters, and cached redaction state are stored in `chrome.storage.local`, not Chrome sync.
- **Cached redaction state**: MAYA AISafe Plugin stores recent redaction state locally so page interactions can remain consistent. The cache includes the source text and detected items, and entries older than 24 hours are removed by the extension cache cleanup logic.
- **Uninstall**: removing the extension clears extension-owned browser storage according to browser behavior. The server uninstall scripts remove the local server runtime, model files, autostart entries, and native messaging host config.
### Security Boundaries
- MAYA AISafe Plugin protects text before submission; it does not control how ChatGPT, Claude, Gemini, or any destination service handles text after you send it.
- MAYA AISafe Plugin does not inspect provider-owned server logs, conversation databases, or model-training pipelines.
- The local server binds to `127.0.0.1` by default. Treat other local processes and browser extensions on the same machine as part of your local trust boundary.
- Custom regex patterns run locally but can still create performance problems if a pattern is pathological. Add only patterns you trust.
---
## Configuration
### Sensitivity Levels
| Level | Threshold | When to Use |
|--------|-----------|-------------|
| Low | 0.75 | Fewer detections, higher precision. Good if you're getting false positives. |
| Medium | 0.62 | Balanced. This is the default. |
| High | 0.52 | Catches more, but expect some noise. Use when handling highly sensitive data. |
### Custom Regex Patterns
Head to the extension's Settings page, scroll to **Advanced**, and add patterns like:
```json
{
"id": "internal_employee_id",
"label": "employee_id",
"pattern": "\\bEMP-[0-9]{6}\\b",
"flags": "g",
"score": 0.99,
"replacement": "[EMPLOYEE ID]",
"enabled": true
}
```
### Anonymisation Service (Optional)
MAYA AISafe Plugin can optionally connect to the [Maya Data Privacy](https://mayadataprivacy.in) anonymisation API for smarter replacements - turning `John Smith` into a consistent synthetic alias like `Alex Johnson` instead of a generic `[PERSON]` tag.
This is disabled by default and requires your own Maya API key. When Anonymize mode is enabled, MAYA AISafe Plugin sends the selected detected values and metadata needed for anonymisation to Maya through the local server's `/anonymize` proxy. Maya company policy says Maya does not store PII that runs through its anonymisation engine. Unsupported detections remain local and are masked with local redaction tags.
---
## Uninstalling
**Linux / macOS:**
```bash
curl -fsSL https://github.com/Maya-Data-Privacy/AI-Safe-Plugin/releases/latest/download/uninstall.sh | bash
```
**Windows:**
```powershell
irm https://github.com/Maya-Data-Privacy/AI-Safe-Plugin/releases/latest/download/uninstall.ps1 | iex
```
This removes the server, Python virtual environment, downloaded models, autostart registration, and native messaging host config. The Chrome extension itself is removed separately from `chrome://extensions`.
---
## Development
### Prerequisites
- Node.js 18+
- Python 3.11 (managed automatically by `uv`)
- Chrome or any Chromium-based browser
### Setup
```bash
git clone https://github.com/Maya-Data-Privacy/AI-Safe-Plugin.git
cd AI-Safe-Plugin
npm run setup # provisions Python 3.11 + dependencies via uv
npm run download-gliner2 # downloads the ONNX model (~2 GB)
npm run run-gliner2 # starts the local server on port 8765
```
Load `extension/` as an unpacked extension in Chrome, and you're developing.
For optional Maya anonymisation endpoint overrides, create a local `.env` from the environment variable sample in [docs/DEVELOPMENT.md](docs/DEVELOPMENT.md). Do not commit `.env`.
### Running Tests
```bash
npm run test:unit # JavaScript unit tests
npm run test:unit:python # Python unit tests (pytest)
npm run test:e2e # Playwright end-to-end tests (headless Chromium)
npm run test:e2e:headed # same, but with a visible browser
```
### Version Management
Version is defined once in `package.json`. After editing it, run:
```bash
npm run version:sync # propagates to manifest.json + pyproject.toml
npm run version:check # CI uses this to catch drift
```
### Building a Release
```bash
npm run build:zip # extension zip for Chrome Web Store
npm run build:backend-bundle # server tarball for GitHub Release
npm run build:model-bundle # ONNX model tarball for GitHub Release
```
Releases are triggered by pushing a `v*` tag. The pipeline verifies version consistency across all files, runs the full test suite, and uploads release assets automatically. The full procedure is in [docs/RELEASING.md](docs/RELEASING.md).
---
## Project Structure
```
AI-Safe-Plugin/
├── extension/ # Chrome extension (load this folder directly)
│ ├── manifest.json # MV3 manifest with CSP
│ ├── background.js # Service worker: detection routing, server health
│ ├── content.js # In-page PII detection, highlights, redaction UI
│ ├── popup.html / popup.js # Toolbar popup
│ ├── options.html / options.js # Full settings page
│ ├── pattern_catalog.js # Built-in + custom regex pattern engine
│ └── styles.css
│
├── server/ # Local Python backend
│ ├── gliner2_server.py # GLiNER2 ONNX inference server (localhost:8765)
│ ├── native_host.py # Chrome native messaging bridge (stdio)
│ ├── native-host/ # Platform install/uninstall for the messaging host
│ └── autostart/ # Platform service registration (systemd/launchd/schtasks)
│
├── scripts/
│ ├── installers/ # User-facing install.sh, install.ps1, uninstall.*
│ ├── build_backend_bundle.py # Packages server + runtime for GitHub Release
│ ├── build_model_bundle.py # Packages fp16 ONNX model for GitHub Release
│ ├── build_crx.sh # Zips extension/ for Chrome Web Store
│ └── sync_version.py # Single-source version propagation
│
├── tests/
│ ├── e2e/ # Playwright browser tests
│ ├── js/ # Node.js unit tests
│ └── server/ # Python unit tests (pytest)
│
├── assets/icons/ # Logos, wordmarks, social preview
├── docs/ # Contributing, security policy, architecture
└── .github/workflows/ # CI, CodeQL, release automation
```
---
## Security
### What MAYA AISafe Plugin Protects Against
Accidental disclosure of personal data to AI services. If you paste your SSN into ChatGPT without thinking, MAYA AISafe Plugin catches it and gives you a chance to redact it first.
### What It Does Not Protect Against
A compromised browser, a malicious extension with higher privileges, OS-level keyloggers, or network interception. MAYA AISafe Plugin is a privacy safeguard, not a security perimeter.
### Extension Permissions
| Permission | Why |
|---|---|
| `storage` | Saves your settings (sensitivity, custom patterns, enabled state) locally |
| `activeTab` | Shows per-tab detection stats in the popup |
| `scripting` | Fallback content script injection for dynamic iframes |
| `nativeMessaging` | Connects to the local GLiNER2 server via Chrome's native messaging bridge |
| `` | Monitors text inputs on any site where you might type sensitive data |
### Reporting Vulnerabilities
Please do not open public issues for security vulnerabilities. See [docs/SECURITY.md](docs/SECURITY.md) for responsible disclosure instructions.
### Privacy
MAYA AISafe Plugin performs detection locally by default; optional Maya anonymisation runs only when you enable it. See the full [Privacy Policy](docs/PRIVACY_POLICY.md) for what MAYA AISafe Plugin processes, what leaves the device, and how local data is stored and deleted.
---
## Roadmap
- [x] GLiNER2 local NER detection
- [x] Regex fallback engine with 20+ built-in patterns
- [x] Inline redaction UI for plain text and contentEditable fields
- [x] Custom regex pattern support
- [x] Cross-platform autostart (Linux, macOS, Windows)
- [x] Bundled ONNX model in GitHub Release (no HuggingFace download needed)
- [x] Single-source version management
- [ ] Chrome Web Store listing
- [ ] Firefox support
- [ ] On-device ONNX model (no Python server required)
- [ ] Audit log / export of redacted sessions
- [ ] Team policy mode (enforce redaction rules via shared config)
---
## Contributing
We welcome contributions, especially around PII detection accuracy, new browser support, performance improvements, and documentation.
See [docs/CONTRIBUTING.md](docs/CONTRIBUTING.md) for guidelines and [docs/DEVELOPMENT.md](docs/DEVELOPMENT.md) for the local development setup.
**Areas where we could use help:** Firefox/Safari port, Windows and macOS native host improvements, ONNX model packaging, UI polish, demo GIFs, and documentation.
---
## Acknowledgments

Fastino Labs
GLiNER2 — the local zero-shot NER model that powers PII detection

Maya Data Privacy
Anonymisation API for format-preserving entity replacement

Hugging Face
Model hosting and the transformers ecosystem
---
## License
[MIT](LICENSE) © 2025 [Maya Data Privacy](https://mayadataprivacy.in)