Kiji Privacy Proxy provides an intelligent privacy layer for AI API requests, automatically detecting and masking Personally Identifiable Information (PII) to prevent sensitive data from leaving the user's control. It is designed for developers, researchers, and power users interacting with AI services like OpenAI, ensuring compliance with privacy regulations and preventing accidental data leaks. The primary benefit is maintaining data privacy without requiring code changes in existing applications.

How It Works

Kiji acts as a transparent proxy, intercepting requests to AI services. It employs a local, ML-powered DistilBERT transformer model optimized with ONNX Runtime to detect and mask 26 types of PII (e.g., emails, SSNs, credit cards) with realistic dummy values. Before forwarding the request to the AI provider, PII is masked. Upon receiving the response, Kiji transparently restores the original PII, ensuring the application receives data as expected. This local processing approach offers speed and enhances privacy by avoiding external data transmission for PII detection.

Quick Start & Requirements

• Users:
  • macOS: Download and install the .dmg file from the releases page. Run the application (use sudo for automatic browser configuration).
  • Linux: Download the tar.gz archive, extract it, navigate to the directory, and run ./run.sh.
  • CLI Tools: Set HTTP_PROXY and HTTPS_PROXY environment variables to http://127.0.0.1:8081.
• Developers:
  • Prerequisites: Go 1.25+ (CGO enabled), Node.js 20+, Python 3.13+, Rust toolchain.
  • Setup: Clone the repository, run make electron-install and make setup-onnx.
  • Run: Execute make electron or use VSCode's debugger (F5).
• Documentation: Available in docs/README.md.

Highlighted Details

• 26 PII Types Detected: Covers a wide range including emails, phone numbers, SSNs, credit cards, addresses, and URLs.
• ML-Powered Local Inference: Utilizes a DistilBERT transformer model (ONNX Runtime) for fast, sub-100ms PII detection directly on the user's machine.
• Automatic Browser Configuration: Supports Proxy Auto-Config (PAC) for seamless integration with Safari and Chrome on macOS.
• Transparent Restoration: Restores original PII in API responses, maintaining application functionality.
• Production Ready: Includes support for systemd services and Docker deployments.

Maintenance & Community

Developed by Dataiku's 575 Lab (Open Source Office), Kiji-Proxy encourages community contributions through GitHub issues and pull requests. Detailed development guidelines are provided. A Slack Community is available for discussions.

Licensing & Compatibility

The project is licensed under the permissive Apache 2.0 License. This license allows for commercial use and integration into closed-source projects without significant restrictions.

Limitations & Caveats

The primary user-facing applications are for macOS and Linux. Development requires specific, recent versions of Go, Node.js, Python, and Rust. While browser integration is automatic on macOS, command-line tools necessitate manual proxy environment variable configuration.