{ "nodes": [ { "id": "3510f22b-6743-4ee5-ac1a-59df62cf54d0", "name": "Document Upload Webhook", "type": "n8n-nodes-base.webhook", "position": [ -2528, 432 ], "parameters": { "path": "gdpr-document-upload", "options": { "rawBody": true }, "httpMethod": "POST", "responseMode": "lastNode" }, "typeVersion": 2.1 }, { "id": "bbfef060-261b-451e-982a-36408aa5f722", "name": "Workflow Configuration", "type": "n8n-nodes-base.set", "position": [ -2320, 432 ], "parameters": { "options": {}, "assignments": { "assignments": [ { "id": "id-1", "name": "documentId", "type": "string", "value": "={{ $now.toISO() }}" }, { "id": "id-2", "name": "confidenceThreshold", "type": "number", "value": 0.8 }, { "id": "id-3", "name": "vaultTable", "type": "string", "value": "pii_vault" }, { "id": "id-4", "name": "auditTable", "type": "string", "value": "pii_audit_log" } ] }, "includeOtherFields": true }, "typeVersion": 3.4 }, { "id": "723dec91-ad38-4a6f-9eae-8c34197b76e2", "name": "OCR Extract Text", "type": "n8n-nodes-base.extractFromFile", "position": [ -2128, 432 ], "parameters": { "options": { "keepSource": "both" }, "operation": "pdf" }, "typeVersion": 1.1 }, { "id": "570e62ce-852e-41b1-889c-1e3197343ecd", "name": "Email Detector", "type": "n8n-nodes-base.code", "position": [ -1728, 144 ], "parameters": { "jsCode": "// Email Detector - Extract all email addresses from OCR text\nconst items = $input.all();\nconst results = [];\n\n// Email regex pattern with domain validation\nconst emailRegex = /\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Z|a-z]{2,}\\b/g;\n\nfor (const item of items) {\n const text = item.json.text || '';\n const detectedEmails = [];\n \n let match;\n while ((match = emailRegex.exec(text)) !== null) {\n detectedEmails.push({\n value: match[0],\n type: 'email',\n start_pos: match.index,\n end_pos: match.index + match[0].length,\n confidence: 1.0\n });\n }\n \n results.push({\n json: {\n detections: detectedEmails,\n detector: 'email',\n original_text: text\n }\n });\n}\n\nreturn results;" }, "typeVersion": 2 }, { "id": "f62cc18d-7992-4efa-8d32-7f70d18ac8a5", "name": "Phone Detector", "type": "n8n-nodes-base.code", "position": [ -1728, 336 ], "parameters": { "jsCode": "// Phone number detection with country-aware patterns\nconst items = $input.all();\nconst results = [];\n\n// Get the extracted text from OCR node\nfor (const item of items) {\n const text = item.json.text || '';\n \n // Comprehensive phone number patterns for various countries\n // Matches formats like: +1234567890, +1234567890, (555) 123-4567, etc.\n const phonePatterns = [\n // International format with country code\n /\\+\\d{1,3}[\\s.-]?\\(?\\d{1,4}\\)?[\\s.-]?\\d{1,4}[\\s.-]?\\d{1,4}[\\s.-]?\\d{1,9}/g,\n // US/Canada format with parentheses\n /\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}/g,\n // General format with separators\n /\\d{3,4}[\\s.-]\\d{3,4}[\\s.-]\\d{3,4}/g\n ];\n \n const detectedPhones = [];\n const seenPhones = new Set();\n \n for (const pattern of phonePatterns) {\n let match;\n while ((match = pattern.exec(text)) !== null) {\n const phoneValue = match[0];\n \n // Avoid duplicates\n if (!seenPhones.has(phoneValue)) {\n seenPhones.add(phoneValue);\n \n detectedPhones.push({\n value: phoneValue,\n type: 'phone',\n start_pos: match.index,\n end_pos: match.index + phoneValue.length,\n confidence: 0.95\n });\n }\n }\n }\n \n // Return results for this item\n if (detectedPhones.length > 0) {\n results.push({\n json: {\n detected_pii: detectedPhones,\n original_text: text,\n detection_type: 'phone',\n count: detectedPhones.length\n }\n });\n }\n}\n\n// If no phones detected, return empty result\nif (results.length === 0) {\n return [{\n json: {\n detected_pii: [],\n detection_type: 'phone',\n count: 0\n }\n }];\n}\n\nreturn results;" }, "typeVersion": 2 }, { "id": "1e01d3c6-92f3-43c5-b112-e1b710915ae3", "name": "ID Number Detector", "type": "n8n-nodes-base.code", "position": [ -1728, 528 ], "parameters": { "jsCode": "// ID Number Detector - Detects SSN, PAN, License Numbers, Bank Account Numbers\n// Returns array of objects with value, type, start_pos, end_pos, confidence\n\nconst items = $input.all();\nconst results = [];\n\nfor (const item of items) {\n const text = item.json.extractedText || item.json.text || '';\n const detections = [];\n \n // SSN Pattern (XXX-XX-XXXX or XXXXXXXXX)\n const ssnPattern = /\\b(?:\\d{3}-\\d{2}-\\d{4}|\\d{9})\\b/g;\n let match;\n \n while ((match = ssnPattern.exec(text)) !== null) {\n const value = match[0];\n // Basic validation: not all zeros, not sequential\n const digits = value.replace(/-/g, '');\n if (digits !== '+1234567890' && digits !== '123456789') {\n detections.push({\n value: value,\n type: 'id_number',\n subtype: 'ssn',\n start_pos: match.index,\n end_pos: match.index + value.length,\n confidence: 0.9\n });\n }\n }\n \n // PAN (Permanent Account Number - India) Pattern (AAAAA9999A)\n const panPattern = /\\b[A-Z]{5}[0-9]{4}[A-Z]\\b/g;\n \n while ((match = panPattern.exec(text)) !== null) {\n const value = match[0];\n detections.push({\n value: value,\n type: 'id_number',\n subtype: 'pan',\n start_pos: match.index,\n end_pos: match.index + value.length,\n confidence: 0.9\n });\n }\n \n // Driver's License Pattern (varies by region, common formats)\n // US format: 1-2 letters followed by 6-8 digits\n const licensePattern = /\\b[A-Z]{1,2}[0-9]{6,8}\\b/g;\n \n while ((match = licensePattern.exec(text)) !== null) {\n const value = match[0];\n detections.push({\n value: value,\n type: 'id_number',\n subtype: 'drivers_license',\n start_pos: match.index,\n end_pos: match.index + value.length,\n confidence: 0.9\n });\n }\n \n // Bank Account Number Pattern (8-17 digits)\n const bankAccountPattern = /\\b[0-9]{8,17}\\b/g;\n \n while ((match = bankAccountPattern.exec(text)) !== null) {\n const value = match[0];\n // Avoid false positives by checking it's not already detected as SSN\n const isSSN = detections.some(d => d.subtype === 'ssn' && d.value.replace(/-/g, '') === value);\n if (!isSSN) {\n detections.push({\n value: value,\n type: 'id_number',\n subtype: 'bank_account',\n start_pos: match.index,\n end_pos: match.index + value.length,\n confidence: 0.9\n });\n }\n }\n \n // IBAN Pattern (International Bank Account Number)\n const ibanPattern = /\\b[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}\\b/g;\n \n while ((match = ibanPattern.exec(text)) !== null) {\n const value = match[0];\n detections.push({\n value: value,\n type: 'id_number',\n subtype: 'iban',\n start_pos: match.index,\n end_pos: match.index + value.length,\n confidence: 0.9\n });\n }\n \n results.push({\n json: {\n detections: detections,\n originalText: text,\n detectionCount: detections.length\n }\n });\n}\n\nreturn results;" }, "typeVersion": 2 }, { "id": "89110cc9-a2e8-4c9d-8b21-402061b83355", "name": "Address Detector AI", "type": "@n8n/n8n-nodes-langchain.agent", "position": [ -1808, 848 ], "parameters": { "text": "={{ $json.text }}", "options": { "systemMessage": "You are a PII detection specialist. Analyze the provided text and identify all physical addresses (street, city, state, postal code, country). Return each address found with its position in the text and a confidence score between 0 and 1." }, "promptType": "define", "hasOutputParser": true }, "typeVersion": 3 }, { "id": "3725829c-72a7-4f14-9e91-dc32234b9813", "name": "Address Output Parser", "type": "@n8n/n8n-nodes-langchain.outputParserStructured", "position": [ -1616, 992 ], "parameters": { "schemaType": "manual", "inputSchema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"addresses\": {\n\t\t\t\"type\": \"array\",\n\t\t\t\"items\": {\n\t\t\t\t\"type\": \"object\",\n\t\t\t\t\"properties\": {\n\t\t\t\t\t\"value\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t},\n\t\t\t\t\t\"type\": {\n\t\t\t\t\t\t\"type\": \"string\",\n\t\t\t\t\t\t\"enum\": [\"address\"]\n\t\t\t\t\t},\n\t\t\t\t\t\"start_pos\": {\n\t\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t\t},\n\t\t\t\t\t\"end_pos\": {\n\t\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t\t},\n\t\t\t\t\t\"confidence\": {\n\t\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t\t\"required\": [\"value\", \"type\", \"start_pos\", \"end_pos\", \"confidence\"]\n\t\t\t}\n\t\t}\n\t},\n\t\"required\": [\"addresses\"]\n}" }, "typeVersion": 1.3 }, { "id": "0c9d02ad-87f3-43d9-9e24-e72cd97e180f", "name": "Merge PII Detections", "type": "n8n-nodes-base.merge", "position": [ -1440, 240 ], "parameters": { "mode": "combine", "options": {}, "combineBy": "combineAll" }, "typeVersion": 3.2 }, { "id": "93b9bdf5-468b-40fa-b6ea-b7136216de88", "name": "PII Consolidation & Conflict Resolver", "type": "n8n-nodes-base.code", "position": [ -1216, 240 ], "parameters": { "jsCode": "// PII Consolidation & Conflict Resolver\n// Merges all PII detections, resolves overlaps, deduplicates, and returns consolidated PII map\n\nconst allDetections = [];\n\n// Collect all PII detections from all input items\nfor (const item of $input.all()) {\n if (item.json.detections && Array.isArray(item.json.detections)) {\n allDetections.push(...item.json.detections);\n }\n}\n\nconsole.log(`Total detections collected: ${allDetections.length}`);\n\n// Sort detections by start position for easier overlap detection\nallDetections.sort((a, b) => a.start - b.start);\n\n// Resolve overlaps: higher confidence wins, longer span preferred if confidence is equal\nconst resolvedDetections = [];\n\nfor (const detection of allDetections) {\n let shouldAdd = true;\n let indexToReplace = -1;\n \n for (let i = 0; i < resolvedDetections.length; i++) {\n const existing = resolvedDetections[i];\n \n // Check for overlap\n const hasOverlap = (\n (detection.start >= existing.start && detection.start < existing.end) ||\n (detection.end > existing.start && detection.end <= existing.end) ||\n (detection.start <= existing.start && detection.end >= existing.end)\n );\n \n if (hasOverlap) {\n const detectionLength = detection.end - detection.start;\n const existingLength = existing.end - existing.start;\n \n // Higher confidence wins\n if (detection.confidence > existing.confidence) {\n indexToReplace = i;\n break;\n } else if (detection.confidence === existing.confidence) {\n // If confidence is equal, prefer longer span\n if (detectionLength > existingLength) {\n indexToReplace = i;\n break;\n } else {\n shouldAdd = false;\n break;\n }\n } else {\n shouldAdd = false;\n break;\n }\n }\n }\n \n if (indexToReplace >= 0) {\n resolvedDetections[indexToReplace] = detection;\n } else if (shouldAdd) {\n resolvedDetections.push(detection);\n }\n}\n\nconsole.log(`Detections after overlap resolution: ${resolvedDetections.length}`);\n\n// Deduplicate exact matches (same type, value, and position)\nconst deduplicatedDetections = [];\nconst seen = new Set();\n\nfor (const detection of resolvedDetections) {\n const key = `${detection.type}|${detection.value}|${detection.start}|${detection.end}`;\n \n if (!seen.has(key)) {\n seen.add(key);\n deduplicatedDetections.push(detection);\n }\n}\n\nconsole.log(`Detections after deduplication: ${deduplicatedDetections.length}`);\n\n// Create consolidated PII map\nconst piiMap = deduplicatedDetections.map((detection, index) => ({\n id: `pii_${index + 1}`,\n type: detection.type,\n value: detection.value,\n start: detection.start,\n end: detection.end,\n confidence: detection.confidence,\n source: detection.source || 'unknown'\n}));\n\n// Sort by start position for final output\npiiMap.sort((a, b) => a.start - b.start);\n\nreturn [\n {\n json: {\n piiMap: piiMap,\n totalDetections: piiMap.length,\n originalText: $input.first().json.extractedText || $input.first().json.text || '',\n timestamp: new Date().toISOString()\n }\n }\n];" }, "typeVersion": 2 }, { "id": "40678c14-67ad-461b-9043-bcb76a86cb08", "name": "Tokenization & Vault Storage", "type": "n8n-nodes-base.code", "position": [ -992, 240 ], "parameters": { "jsCode": "// Tokenization & Vault Storage\n// Generates secure tokens for PII and prepares vault records\n\nconst items = $input.all();\nconst vaultRecords = [];\nconst tokenMap = {};\n\n// Helper function to generate random hash\nfunction generateHash(length = 4) {\n const chars = '0123456789ABCDEF';\n let hash = '';\n for (let i = 0; i < length; i++) {\n hash += chars.charAt(Math.floor(Math.random() * chars.length));\n }\n return hash;\n}\n\n// Process all PII items from consolidated data\nfor (const item of items) {\n const piiData = item.json.consolidatedPII || [];\n const originalText = item.json.originalText || '';\n const documentId = item.json.documentId || item.json.document_id || 'unknown';\n \n for (const pii of piiData) {\n const type = pii.type.toUpperCase();\n const originalValue = pii.value;\n const hash = generateHash(4);\n const token = `<<${type}_${hash}>>`;\n \n // Create vault record\n vaultRecords.push({\n token: token,\n original_value: originalValue,\n type: type,\n document_id: documentId,\n created_at: new Date().toISOString()\n });\n \n // Store token mapping for text replacement\n tokenMap[originalValue] = token;\n }\n}\n\n// Generate masked text by replacing all PII with tokens\nlet maskedText = items[0]?.json?.originalText || '';\nfor (const [originalValue, token] of Object.entries(tokenMap)) {\n // Use global replace to handle multiple occurrences\n const regex = new RegExp(originalValue.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&'), 'g');\n maskedText = maskedText.replace(regex, token);\n}\n\nreturn [{\n json: {\n vaultRecords: vaultRecords,\n tokenMap: tokenMap,\n maskedText: maskedText,\n documentId: items[0]?.json?.documentId || items[0]?.json?.document_id || 'unknown',\n originalText: items[0]?.json?.originalText || '',\n totalTokensGenerated: vaultRecords.length\n }\n}];" }, "typeVersion": 2 }, { "id": "4d8bd2f6-f05e-4de5-8111-184cc985217a", "name": "Store Tokens in Vault", "type": "n8n-nodes-base.postgres", "position": [ -800, 240 ], "parameters": { "table": { "__rl": true, "mode": "name", "value": "={{ $('Workflow Configuration').first().json.vaultTable }}" }, "schema": { "__rl": true, "mode": "list", "value": "public" }, "columns": { "value": { "type": "={{ $json.type }}", "token": "YOUR_CREDENTIAL_HERE", "created_at": "={{ $json.created_at }}", "document_id": "={{ $json.document_id }}", "original_value": "={{ $json.original_value }}" }, "mappingMode": "defineBelow" }, "options": {} }, "typeVersion": 2.6 }, { "id": "7811a902-0f0d-40a2-81c8-351d768f0ed1", "name": "Generate Masked Text", "type": "n8n-nodes-base.code", "position": [ -560, 240 ], "parameters": { "jsCode": "// Generate Masked Text - Replace PII with tokens\nconst items = $input.all();\n\nif (items.length === 0) {\n return [{\n json: {\n masked_text: '',\n token_count: 0,\n masking_success: false,\n error: 'No input items'\n }\n }];\n}\n\n// Get the original text from OCR Extract Text node\nconst ocrData = $('OCR Extract Text').first().json;\nlet originalText = ocrData.text || '';\n\n// Get the tokenized PII data from Store Tokens in Vault node\nconst vaultData = $('Store Tokens in Vault').all();\n\nif (!vaultData || vaultData.length === 0) {\n return [{\n json: {\n masked_text: originalText,\n token_count: 0,\n masking_success: false,\n error: 'No tokenized data available'\n }\n }];\n}\n\nlet maskedText = originalText;\nlet tokenCount = 0;\nlet allReplacementsSucceeded = true;\nconst replacements = [];\n\n// Process each tokenized PII item\nfor (const item of vaultData) {\n const piiData = item.json;\n \n if (piiData.original_value && piiData.token) {\n const originalValue = piiData.original_value;\n const token = piiData.token;\n \n // Check if the original value exists in the text\n if (maskedText.includes(originalValue)) {\n // Replace all occurrences of the original value with the token\n const regex = new RegExp(originalValue.replace(/[.*+?^${}()|[\\]\\\\]/g, '\\\\$&'), 'g');\n const beforeLength = maskedText.length;\n maskedText = maskedText.replace(regex, token);\n const afterLength = maskedText.length;\n \n // Count successful replacements\n if (beforeLength !== afterLength || maskedText.includes(token)) {\n tokenCount++;\n replacements.push({\n original: originalValue,\n token: token,\n type: piiData.pii_type || 'unknown',\n replaced: true\n });\n } else {\n allReplacementsSucceeded = false;\n replacements.push({\n original: originalValue,\n token: token,\n type: piiData.pii_type || 'unknown',\n replaced: false\n });\n }\n } else {\n // Original value not found in text\n allReplacementsSucceeded = false;\n replacements.push({\n original: originalValue,\n token: token,\n type: piiData.pii_type || 'unknown',\n replaced: false,\n reason: 'Value not found in text'\n });\n }\n }\n}\n\n// Return the masked text with metadata\nreturn [{\n json: {\n masked_text: maskedText,\n original_text: originalText,\n token_count: tokenCount,\n masking_success: allReplacementsSucceeded && tokenCount > 0,\n replacements: replacements,\n timestamp: new Date().toISOString()\n }\n}];" }, "typeVersion": 2 }, { "id": "30e64592-f363-4ebe-9f37-2fd4d6a80218", "name": "AI Processing (Masked Data)", "type": "@n8n/n8n-nodes-langchain.agent", "position": [ -160, 0 ], "parameters": { "text": "={{ $json.masked_text }}", "options": { "systemMessage": "You are a document processing AI. Extract structured information from the provided document. IMPORTANT: You are working with masked data where PII has been replaced with tokens like <>. Process the document normally and preserve these tokens in your output exactly as they appear." }, "promptType": "define", "hasOutputParser": true }, "typeVersion": 3 }, { "id": "c7bf152b-79fe-417e-8d05-969ea2a47b6d", "name": "AI Processing Model", "type": "@n8n/n8n-nodes-langchain.lmChatAnthropic", "position": [ -192, 160 ], "parameters": { "model": { "__rl": true, "mode": "list", "value": "claude-sonnet-4-5-20250929", "cachedResultName": "Claude Sonnet 4.5" }, "options": {} }, "typeVersion": 1.3 }, { "id": "786dded9-24f5-47be-aece-b90469b04314", "name": "AI Output Parser", "type": "@n8n/n8n-nodes-langchain.outputParserStructured", "position": [ 80, 128 ], "parameters": { "schemaType": "manual", "inputSchema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"documentType\": {\n\t\t\t\"type\": \"string\",\n\t\t\t\"description\": \"Type of document processed (e.g., invoice, contract, form)\"\n\t\t},\n\t\t\"summary\": {\n\t\t\t\"type\": \"string\",\n\t\t\t\"description\": \"Brief summary of the document content\"\n\t\t},\n\t\t\"keyEntities\": {\n\t\t\t\"type\": \"array\",\n\t\t\t\"items\": {\n\t\t\t\t\"type\": \"object\",\n\t\t\t\t\"properties\": {\n\t\t\t\t\t\"entityType\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t},\n\t\t\t\t\t\"value\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t},\n\t\t\t\"description\": \"Key entities extracted from the document\"\n\t\t},\n\t\t\"dates\": {\n\t\t\t\"type\": \"array\",\n\t\t\t\"items\": {\n\t\t\t\t\"type\": \"string\"\n\t\t\t},\n\t\t\t\"description\": \"Important dates found in the document\"\n\t\t},\n\t\t\"amounts\": {\n\t\t\t\"type\": \"array\",\n\t\t\t\"items\": {\n\t\t\t\t\"type\": \"object\",\n\t\t\t\t\"properties\": {\n\t\t\t\t\t\"currency\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t},\n\t\t\t\t\t\"amount\": {\n\t\t\t\t\t\t\"type\": \"number\"\n\t\t\t\t\t},\n\t\t\t\t\t\"description\": {\n\t\t\t\t\t\t\"type\": \"string\"\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t},\n\t\t\t\"description\": \"Monetary amounts found in the document\"\n\t\t},\n\t\t\"processedData\": {\n\t\t\t\"type\": \"object\",\n\t\t\t\"description\": \"Additional processed information specific to document type\"\n\t\t}\n\t},\n\t\"required\": [\"documentType\", \"summary\"]\n}" }, "typeVersion": 1.3 }, { "id": "6763634c-e71d-4f3b-8be2-b36d1210dd4c", "name": "Re-Injection Controller", "type": "n8n-nodes-base.code", "position": [ 320, 80 ], "parameters": { "jsCode": "// Re-Injection Controller\n// Analyzes AI output, identifies fields requiring PII restoration,\n// extracts tokens, and prepares re-injection request\n\nconst items = $input.all();\nconst results = [];\n\nfor (const item of items) {\n const aiOutput = item.json.aiOutput || item.json;\n const fieldPermissions = item.json.fieldPermissions || {};\n const tokensToRetrieve = [];\n const reinjectionMap = {};\n \n // Define which fields should have PII restored based on permissions\n // Fields marked as 'restore' or 'unmask' will have original PII restored\n const fieldsToRestore = Object.keys(fieldPermissions).filter(\n field => fieldPermissions[field] === 'restore' || fieldPermissions[field] === 'unmask'\n );\n \n // Traverse AI output and identify token placeholders\n function extractTokens(obj, path = '') {\n for (const key in obj) {\n const currentPath = path ? `${path}.${key}` : key;\n const value = obj[key];\n \n if (typeof value === 'string') {\n // Check if value contains token pattern (e.g., TOKEN_EMAIL_123, TOKEN_PHONE_456)\n const tokenPattern = /TOKEN_([A-Z_]+)_([a-f0-9-]+)/g;\n const matches = value.matchAll(tokenPattern);\n \n for (const match of matches) {\n const fullToken = match[0];\n const tokenType = match[1];\n const tokenId = match[2];\n \n // Check if this field should be restored\n const shouldRestore = fieldsToRestore.some(field => \n currentPath.includes(field) || key === field\n );\n \n if (shouldRestore) {\n tokensToRetrieve.push({\n token: fullToken,\n tokenId: tokenId,\n tokenType: tokenType,\n field: currentPath,\n originalValue: value\n });\n \n if (!reinjectionMap[currentPath]) {\n reinjectionMap[currentPath] = [];\n }\n reinjectionMap[currentPath].push(fullToken);\n }\n }\n } else if (typeof value === 'object' && value !== null) {\n extractTokens(value, currentPath);\n }\n }\n }\n \n extractTokens(aiOutput);\n \n // Prepare output with re-injection instructions\n results.push({\n json: {\n aiOutput: aiOutput,\n tokensToRetrieve: tokensToRetrieve,\n reinjectionMap: reinjectionMap,\n fieldPermissions: fieldPermissions,\n totalTokensFound: tokensToRetrieve.length,\n fieldsToRestore: fieldsToRestore,\n timestamp: new Date().toISOString(),\n workflowExecutionId: $execution.id\n }\n });\n}\n\nreturn results;" }, "typeVersion": 2 }, { "id": "b07a8d69-9ff1-4b97-8a10-f682492b9a03", "name": "Retrieve Original Values", "type": "n8n-nodes-base.postgres", "position": [ 672, 80 ], "parameters": { "table": { "__rl": true, "mode": "name", "value": "={{ $('Workflow Configuration').first().json.vaultTable }}" }, "where": { "values": [ { "value": "={{ $('Re-Injection Controller').item.json.token }}", "column": "token" } ] }, "schema": { "__rl": true, "mode": "list", "value": "public" }, "options": {}, "operation": "select", "returnAll": true }, "typeVersion": 2.6 }, { "id": "ad95487c-c75a-4c60-bc59-113df00118d3", "name": "Restore Original PII", "type": "n8n-nodes-base.code", "position": [ 864, 80 ], "parameters": { "jsCode": "// Restore Original PII - Replace tokens with original values from vault\n// Only restore PII for explicitly allowed fields based on re-injection policy\n\nconst aiOutput = $input.first().json;\nconst vaultData = $('Retrieve Original Values').all();\n\n// Create a map of tokens to original values\nconst tokenMap = {};\nvaultData.forEach(item => {\n const data = item.json;\n tokenMap[data.token] = {\n originalValue: data.original_value,\n piiType: data.pii_type,\n allowedForReinjection: data.allowed_for_reinjection\n };\n});\n\n// Function to recursively restore PII in objects\nfunction restorePII(obj) {\n if (typeof obj === 'string') {\n // Check if string contains tokens (format: [TOKEN_xxxxx])\n const tokenRegex = /\\[TOKEN_[A-Z0-9]+\\]/g;\n return obj.replace(tokenRegex, (token) => {\n const tokenData = tokenMap[token];\n if (tokenData && tokenData.allowedForReinjection) {\n return tokenData.originalValue;\n }\n // Keep token if not allowed for re-injection\n return token;\n });\n } else if (Array.isArray(obj)) {\n return obj.map(item => restorePII(item));\n } else if (obj !== null && typeof obj === 'object') {\n const restored = {};\n for (const key in obj) {\n restored[key] = restorePII(obj[key]);\n }\n return restored;\n }\n return obj;\n}\n\n// Restore PII in the AI output\nconst restoredOutput = restorePII(aiOutput);\n\n// Create audit trail\nconst restoredFields = [];\nfor (const token in tokenMap) {\n if (tokenMap[token].allowedForReinjection) {\n restoredFields.push({\n token: token,\n piiType: tokenMap[token].piiType\n });\n }\n}\n\nreturn [\n {\n json: {\n finalOutput: restoredOutput,\n restoredFields: restoredFields,\n restorationTimestamp: new Date().toISOString(),\n totalTokensRestored: restoredFields.length\n }\n }\n];" }, "typeVersion": 2 }, { "id": "b89c3f08-3277-4f3b-9089-1df0f2ee4edd", "name": "Store Audit Log", "type": "n8n-nodes-base.postgres", "position": [ 1296, 80 ], "parameters": { "table": { "__rl": true, "mode": "name", "value": "={{ $('Workflow Configuration').first().json.auditTable }}" }, "schema": { "__rl": true, "mode": "list", "value": "public" }, "columns": { "value": { "actor": "system", "timestamp": "={{ $json.timestamp }}", "document_id": "={{ $json.document_id }}", "token_count": "={{ $json.token_count }}", "pii_types_detected": "={{ $json.pii_types_detected }}", "ai_access_confirmed": true, "re_injection_events": "={{ $json.re_injection_events }}" }, "schema": [], "mappingMode": "defineBelow", "matchingColumns": [] }, "options": {} }, "typeVersion": 2.6 }, { "id": "c0acedc8-c86d-495a-93f2-06b9d23e763c", "name": "Masking Success Check", "type": "n8n-nodes-base.if", "position": [ -352, 240 ], "parameters": { "options": {}, "conditions": { "options": { "leftValue": "", "caseSensitive": false, "typeValidation": "loose" }, "combinator": "and", "conditions": [ { "id": "id-1", "operator": { "type": "boolean", "operation": "equals" }, "leftValue": "={{ $('Generate Masked Text').item.json.masking_success }}", "rightValue": "true" } ] } }, "typeVersion": 2.3 }, { "id": "92d0e6fd-5fc3-4514-9b7e-242d0f0744c1", "name": "Block AI Processing", "type": "n8n-nodes-base.set", "position": [ -32, 496 ], "parameters": { "options": {}, "assignments": { "assignments": [ { "id": "id-1", "name": "error", "type": "string", "value": "Masking failed - AI processing blocked" }, { "id": "id-2", "name": "status", "type": "string", "value": "BLOCKED" }, { "id": "id-3", "name": "requires_manual_review", "type": "boolean", "value": true } ] } }, "typeVersion": 3.4 }, { "id": "6b5a1df1-c718-47be-9e90-f5cfd63438a7", "name": "Send Alert Notification", "type": "n8n-nodes-base.httpRequest", "position": [ 208, 496 ], "parameters": { "url": "<__PLACEHOLDER_VALUE__Alert webhook or notification endpoint URL__>", "method": "POST", "options": {}, "sendBody": true, "bodyParameters": { "parameters": [ { "name": "error_details", "value": "={{ $json.error_details }}" }, { "name": "document_id", "value": "={{ $json.document_id }}" }, { "name": "timestamp", "value": "={{ $now.toISO() }}" } ] } }, "typeVersion": 4.3 }, { "id": "522979b9-1913-4023-9b69-4b4e77485c09", "name": "Sticky Note", "type": "n8n-nodes-base.stickyNote", "position": [ -3216, 224 ], "parameters": { "width": 512, "height": 528, "content": "## GDPR-Safe AI Document Processing\n\nThis workflow processes uploaded documents while protecting sensitive personal data. When a PDF is uploaded, OCR extracts the text and multiple detectors identify Personally Identifiable Information (PII) such as emails, phone numbers, ID numbers, and addresses.\n\nDetected PII is consolidated and replaced with secure tokens while the original values are stored in a Postgres vault. The AI model only processes the masked version of the document, ensuring sensitive information is never exposed.\n\nIf required, a controlled re-injection mechanism can restore original values from the vault. All masking, AI access, and restoration events are recorded in an audit log.\n\nSetup\n\nConfigure Postgres credentials.\n\nCreate pii_vault and pii_audit_log tables.\n\nConnect an AI model.\n\nSend documents to the webhook." }, "typeVersion": 1 }, { "id": "a7ff2577-87c2-4288-be8b-740f78424024", "name": "Sticky Note1", "type": "n8n-nodes-base.stickyNote", "position": [ -1840, -16 ], "parameters": { "color": 7, "width": 288, "height": 736, "content": "## PII Detection Layer\n\nMultiple detectors scan the document to identify sensitive information such as emails, phone numbers, ID numbers, and physical addresses." }, "typeVersion": 1 }, { "id": "0b397b8d-bdc0-49e7-8283-c24a4de572b0", "name": "Sticky Note2", "type": "n8n-nodes-base.stickyNote", "position": [ -1008, 48 ], "parameters": { "color": 7, "width": 352, "height": 384, "content": "##Tokenization & Vault Storage\n\nEach detected PII value is replaced with a secure token such as:\n\n<>\nThe original values are stored securely in a Postgres vault table." }, "typeVersion": 1 }, { "id": "b6fe8410-fcb8-4361-a6e7-7d05115523f6", "name": "Sticky Note3", "type": "n8n-nodes-base.stickyNote", "position": [ -2000, 736 ], "parameters": { "color": 7, "width": 560, "height": 368, "content": "## Address Detection (AI) local ollama\n\nAn AI model analyzes the OCR text to detect physical addresses that are harder to capture with regex patterns." }, "typeVersion": 1 }, { "id": "cc20d7c8-66ed-497e-9e73-3c4cf902b5bb", "name": "Sticky Note4", "type": "n8n-nodes-base.stickyNote", "position": [ -1504, 96 ], "parameters": { "color": 7, "width": 224, "height": 368, "content": "## Merge Detection Results\n\nAll detection outputs are merged into a single dataset." }, "typeVersion": 1 }, { "id": "078fd05b-a6ae-44e3-bbbb-938a61eb1722", "name": "Sticky Note5", "type": "n8n-nodes-base.stickyNote", "position": [ -2640, 272 ], "parameters": { "color": 7, "width": 304, "height": 368, "content": "## Document Upload\n\nA webhook receives uploaded documents.\nThis entry point triggers the workflow and passes the file to the OCR step for text extraction." }, "typeVersion": 1 }, { "id": "4299741e-35d4-4fce-965d-e32f1ebcb859", "name": "Sticky Note8", "type": "n8n-nodes-base.stickyNote", "position": [ -1264, 48 ], "parameters": { "color": 7, "height": 400, "content": "## IResolve Overlapping Detections\n\nOverlapping or duplicate PII detections are resolved." }, "typeVersion": 1 }, { "id": "4c28716e-8aaf-4992-8c93-c8fbf7724cbb", "name": "Sticky Note9", "type": "n8n-nodes-base.stickyNote", "position": [ -2192, 272 ], "parameters": { "color": 7, "width": 256, "height": 352, "content": "## OCR Text Extraction\n\nExtracts text from uploaded PDF files." }, "typeVersion": 1 }, { "id": "1cfdffc2-3008-4cb9-9377-94fe2785925f", "name": "Sticky Note10", "type": "n8n-nodes-base.stickyNote", "position": [ 272, -176 ], "parameters": { "color": 7, "width": 336, "height": 416, "content": "## PII Re-Injection Controller\n\nAnalyzes AI output to determine whether specific tokens should be replaced with original values.\n\nRestoration follows defined permissions to control where sensitive data can appear." }, "typeVersion": 1 }, { "id": "4b48d393-fa34-4c81-9835-d0ad8631646c", "name": "Sticky Note11", "type": "n8n-nodes-base.stickyNote", "position": [ 640, -176 ], "parameters": { "color": 7, "width": 432, "height": 416, "content": "## Restore Original Values\n\nOriginal PII values are retrieved from the vault and restored only in approved fields.\n\nThis ensures controlled access to sensitive data." }, "typeVersion": 1 }, { "id": "ab011bb0-977f-43e9-877e-fb15d63c59be", "name": "Sticky Note12", "type": "n8n-nodes-base.stickyNote", "position": [ -128, 272 ], "parameters": { "color": 7, "width": 496, "height": 432, "content": "## IMasking Safety Check\n\nBefore AI processing, the workflow verifies that masking was successful.\n\nIf masking fails, AI processing is blocked to prevent accidental exposure of sensitive information." }, "typeVersion": 1 }, { "id": "f80f3a53-98a9-413e-92fc-e62b0f87d78b", "name": "Sticky Note13", "type": "n8n-nodes-base.stickyNote", "position": [ -256, -176 ], "parameters": { "color": 7, "width": 512, "height": 416, "content": "## AI Processing (Masked Data)\n\nThe masked document is sent to an AI model for analysis.\n\nSince sensitive data is replaced with tokens, the AI can safely summarize or extract structured information." }, "typeVersion": 1 }, { "id": "506c70db-8cd2-4478-ae6a-a6b15b77a941", "name": "Ollama Chat Model", "type": "@n8n/n8n-nodes-langchain.lmChatOllama", "position": [ -1904, 992 ], "parameters": { "options": {} }, "typeVersion": 1 }, { "id": "8e32d94c-dd17-4736-bc91-d8e78653d59e", "name": "Sticky Note14", "type": "n8n-nodes-base.stickyNote", "position": [ 1200, -64 ], "parameters": { "color": 7, "width": 368, "height": 304, "content": "## Compliance Audit Log\n\nAll detection, masking, AI access, and restoration events are recorded in a Postgres audit table.\n\nThis provides traceability and supports privacy compliance requirements." }, "typeVersion": 1 } ], "connections": { "Email Detector": { "main": [ [ { "node": "Merge PII Detections", "type": "main", "index": 0 } ] ] }, "Phone Detector": { "main": [ [ { "node": "Merge PII Detections", "type": "main", "index": 1 } ] ] }, "AI Output Parser": { "ai_outputParser": [ [ { "node": "AI Processing (Masked Data)", "type": "ai_outputParser", "index": 0 } ] ] }, "OCR Extract Text": { "main": [ [ { "node": "Email Detector", "type": "main", "index": 0 }, { "node": "Phone Detector", "type": "main", "index": 0 }, { "node": "ID Number Detector", "type": "main", "index": 0 }, { "node": "Address Detector AI", "type": "main", "index": 0 } ] ] }, "Ollama Chat Model": { "ai_languageModel": [ [ { "node": "Address Detector AI", "type": "ai_languageModel", "index": 0 } ] ] }, "ID Number Detector": { "main": [ [ { "node": "Merge PII Detections", "type": "main", "index": 0 } ] ] }, "AI Processing Model": { "ai_languageModel": [ [ { "node": "AI Processing (Masked Data)", "type": "ai_languageModel", "index": 0 } ] ] }, "Address Detector AI": { "main": [ [ { "node": "Merge PII Detections", "type": "main", "index": 1 } ] ] }, "Block AI Processing": { "main": [ [ { "node": "Send Alert Notification", "type": "main", "index": 0 } ] ] }, "Generate Masked Text": { "main": [ [ { "node": "Masking Success Check", "type": "main", "index": 0 } ] ] }, "Merge PII Detections": { "main": [ [ { "node": "PII Consolidation & Conflict Resolver", "type": "main", "index": 0 } ] ] }, "Restore Original PII": { "main": [ [ { "node": "Store Audit Log", "type": "main", "index": 0 } ] ] }, "Address Output Parser": { "ai_outputParser": [ [ { "node": "Address Detector AI", "type": "ai_outputParser", "index": 0 } ] ] }, "Masking Success Check": { "main": [ [ { "node": "AI Processing (Masked Data)", "type": "main", "index": 0 } ], [ { "node": "Block AI Processing", "type": "main", "index": 0 } ] ] }, "Store Tokens in Vault": { "main": [ [ { "node": "Generate Masked Text", "type": "main", "index": 0 } ] ] }, "Workflow Configuration": { "main": [ [ { "node": "OCR Extract Text", "type": "main", "index": 0 } ] ] }, "Document Upload Webhook": { "main": [ [ { "node": "Workflow Configuration", "type": "main", "index": 0 } ] ] }, "Re-Injection Controller": { "main": [ [ { "node": "Retrieve Original Values", "type": "main", "index": 0 } ] ] }, "Retrieve Original Values": { "main": [ [ { "node": "Restore Original PII", "type": "main", "index": 0 } ] ] }, "AI Processing (Masked Data)": { "main": [ [ { "node": "Re-Injection Controller", "type": "main", "index": 0 } ] ] }, "Tokenization & Vault Storage": { "main": [ [ { "node": "Store Tokens in Vault", "type": "main", "index": 0 } ] ] }, "PII Consolidation & Conflict Resolver": { "main": [ [ { "node": "Tokenization & Vault Storage", "type": "main", "index": 0 } ] ] } } }