YinShield
Privacy layer for AI workflows
Local-first privacy for agents and LLM calls
Open source · Apache-2.0YinShield sits between your app and the model. It detects Chinese PII locally, replaces it with placeholders or stable aliases, and restores the response after inference. It ships as a Python package, a local HTTP bridge, and a thin OpenClaw plugin.
Local masking example
Raw input
收件人:张三,手机号13812345678,地址北京市朝阳区建国路88号。
Masked for model
收件人:<PERSON_1>,手机号<PHONE_1>,地址<ADDRESS_1>。
Restored for user
收件人:张三,手机号13812345678,地址北京市朝阳区建国路88号。
Launch snapshot
Why it exists
You do not need a vault, a data pipeline, or a control plane to start protecting prompts. You need a local layer that developers can install fast and agents can call consistently.
Built for current workflows
Today the strongest default is placeholder mode: deterministic, reversible, and easier to reason about in production. Alias mode remains useful, but it should be framed as an advanced tradeoff rather than the default promise.
Why teams choose it
YinShield gives teams a local masking layer they can install quickly, validate locally, and plug into existing AI workflows without standing up a full privacy platform first.
The current release already includes local tests across the core engine, HTTP API, installer, and OpenAI-compatible wrappers. On the bundled mini realistic benchmark, placeholder mode currently reaches 97.65% precision, 97.65% recall, and 100% recovery.
Terminal demo
Run the local bridge, send one request, and inspect exactly what leaves the machine. This is the fastest way to understand what YinShield is doing for you.
$ pip install yinshield
$ yinshield serve --auth-token change-me
[yinshield] listening on http://127.0.0.1:27811
$ curl -X POST http://127.0.0.1:27811/mask \
-H "Authorization: Bearer change-me" \
-H "Content-Type: application/json" \
-d '{"text":"我叫张三,手机号13812345678,地址北京市朝阳区建国路88号。","mode":"placeholder"}'
{
"text": "我叫<PERSON_1>,手机号<PHONE_1>,地址<ADDRESS_1>。",
"mapping": {
"<PERSON_1>": "张三",
"<PHONE_1>": "13812345678",
"<ADDRESS_1>": "北京市朝阳区建国路88号"
}
}Quick start
curl -fsSL https://yin-shield.site/setup-openclaw-yinshield.sh | bashfrom yinshield import Shield
shield = Shield(mode="placeholder", strategy="balanced")
masked, mapping = shield.mask("我叫张三,手机号13812345678")
restored = shield.unmask(masked, mapping)Workflow
Recognize Chinese names, phones, ID cards, addresses, company IDs, order numbers, and more before the request leaves the host.
Choose strict placeholders for control or stable aliases for better semantic preservation. Persist sessions to keep multi-turn consistency.
Send masked content to the model, then unmask the result for the operator or end user on the local side.
Integrations
The homepage keeps the shape simple. Full config, auth, and API details live in Docs.
Use YinShield as a thin privacy tool layer inside OpenClaw. Keep the plugin small and the masking engine in Python.
{
"plugins": {
"entries": {
"openclaw-yinshield": {
"enabled": true,
"config": {
"baseUrl": "http://127.0.0.1:27811",
"mode": "placeholder",
"authToken": "change-me"
}
}
}
}
}Bridge any local runtime with a simple API. This is the cleanest path for agent frameworks that do not want a Python dependency inside the host process.
POST /health
POST /mask
POST /unmask
POST /messages/maskWrap chat and responses flows with automatic masking, unmasking, streaming support, and provider compatibility through base_url.
client = ShieldedOpenAI(
api_key="...",
base_url="https://api.openai.com/v1"
)Modes and strategy
Best when you want deterministic masking and maximum control over what the model sees.
张三 → <PERSON_1>
Useful when downstream reasoning needs more natural text and stable identities across turns, but not yet the safest mode to market as the default.
张三 → 陈明
loose, balanced, and strict give you control over coverage versus false positives.
balanced is the default