#!/usr/bin/env python
"""
PII Detection Demo - OpenAI Agents SDK
This example demonstrates how Enkrypt AI Guardrails detects
PII (Personally Identifiable Information) and secrets in prompts
with the OpenAI Agents SDK.
Usage:
python demo_pii_detection.py
"""
import asyncio
import os
import sys
# Add parent directory to path for imports
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
try:
from agents import Agent, Runner
AGENTS_AVAILABLE = True
except ImportError:
AGENTS_AVAILABLE = False
from enkrypt_guardrails_hook import (
EnkryptRunHooks,
GuardrailsViolationError,
)
# Test prompts with various types of PII/secrets
PII_TEST_CASES = [
{
"name": "Email address",
"prompt": "Send an email to john.doe@example.com about the meeting",
},
{
"name": "Phone number",
"prompt": "Call me back at 555-123-4567 when you have the results",
},
{
"name": "Social Security Number",
"prompt": "My SSN is 123-45-6789, can you verify my account?",
},
{
"name": "Credit card number",
"prompt": "Charge it to my card: 4111-1111-1111-1111, exp 12/25",
},
{
"name": "API Key",
"prompt": "Use this API key: sk-proj-abcdefghijklmnopqrstuvwxyz123456",
},
{
"name": "Password in text",
"prompt": "My password is SuperSecret123! Can you store it?",
},
{
"name": "AWS credentials",
"prompt": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE AWS_SECRET=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
},
{
"name": "Safe prompt (no PII)",
"prompt": "What is the weather like in New York today?",
},
]
async def test_pii(agent, hooks, test_case: dict) -> dict:
"""Test a single PII prompt and return results."""
hooks.reset()
result = {
"name": test_case["name"],
"prompt": test_case["prompt"][:60] + "..." if len(test_case["prompt"]) > 60 else test_case["prompt"],
"blocked": False,
"pii_detected": [],
"response": None,
}
try:
response = await Runner.run(
agent,
hooks=hooks,
input=test_case["prompt"]
)
result["response"] = str(response.final_output)[:80]
# Check for PII violations
for v in hooks.get_current_violations():
if v["detector"] == "pii":
result["pii_detected"] = v.get("entities", [])
break
except GuardrailsViolationError as e:
result["blocked"] = True
for v in e.violations:
if v["detector"] == "pii":
result["pii_detected"] = v.get("entities", [])
break
except Exception as e:
result["error"] = str(e)[:100]
return result
async def main():
print("=" * 70)
print("Enkrypt AI Guardrails - PII Detection Demo")
print("OpenAI Agents SDK Edition")
print("=" * 70)
if not AGENTS_AVAILABLE:
print("\nError: OpenAI Agents SDK is not installed.")
print("Install it with: pip install openai-agents")
return
# Create hooks
hooks = EnkryptRunHooks(
block_on_violation=True,
log_only_mode=False,
)
# Create agent
agent = Agent(
name="PII Aware Assistant",
instructions="You are a helpful assistant. Never store or repeat sensitive personal information.",
)
print("\nTesting PII detection...\n")
print("-" * 70)
pii_blocked = 0
pii_detected = 0
safe_passed = 0
for test_case in PII_TEST_CASES:
print(f"\n[{test_case['name']}]")
print(f" Prompt: {test_case['prompt'][:50]}...")
result = await test_pii(agent, hooks, test_case)
if result["blocked"]:
pii_blocked += 1
print(f" Status: BLOCKED")
if result["pii_detected"]:
print(f" PII Found: {', '.join(result['pii_detected'][:3])}")
elif result["pii_detected"]:
pii_detected += 1
print(f" Status: Detected but not blocked")
print(f" PII Found: {', '.join(result['pii_detected'][:3])}")
else:
safe_passed += 1
print(f" Status: PASSED (no PII detected)")
if result["response"]:
print(f" Response: {result['response'][:40]}...")
print("\n" + "=" * 70)
print("SUMMARY")
print("=" * 70)
print(f"Total tests: {len(PII_TEST_CASES)}")
print(f"PII Blocked: {pii_blocked}")
print(f"PII Detected: {pii_detected}")
print(f"Safe Passed: {safe_passed}")
print("\nNote: Detection depends on Enkrypt AI Guardrails policy configuration.")
print("Check ~/openai_agents/guardrails_logs/ for detailed audit logs.")
if __name__ == "__main__":
asyncio.run(main())
