PII Detection
PIIEvaluator scans LLM outputs for personally identifiable information using regex patterns. Zero API calls, so it works in air-gapped environments.
Basic usage
Jurisdiction-specific patterns
PIIEvaluator(jurisdiction="hipaa") with an upstream de-identification step.
Custom patterns
Redacting PII from reports
By default, matched PII is shown in the reason field. To mask it in audit logs:What’s detected
Structured Output Validation
SchemaEvaluator validates that LLM outputs conform to a defined structure. Works with Pydantic models and JSON Schema dicts, and reports per-field failures rather than a bare valid/invalid.
StructEval (2025) found GPT-4 fails complex structured extraction ~12% of the time. This evaluator catches those failures in your specific pipeline.
Pydantic model
JSON Schema
Handling markdown code fences
SchemaEvaluator automatically strips markdown code fences from outputs:
Compliance Audit Trail
ComplianceReporter writes a hash-chained, tamper-evident NDJSON log of every eval run, with Article-level regulatory control annotations on each evaluator result.
Basic usage
EU AI Act high-risk factory
For high-risk systems under Annex III, use the factory — it wires the standard measurable controls with calibrated thresholds:NotEmpty, Faithfulness, Hallucination, Relevance,
Toxicity, Bias, PIIEvaluator (plus optional SchemaEvaluator if you pass
schema=). Pair with runs=5 to surface flakiness — Art. 15(2) robustness
isn’t a single-run claim.
Coverage report
Before you run, check which Articles the suite actually exercises:Framework mappings
NIST AI RMF subcategories: accuracy evaluators → MEASURE 2.3, robustness → MEASURE 2.5, toxicity → MEASURE 2.6,
pii_detection → MEASURE 2.10, bias → MEASURE 2.11.
Verifying integrity (hash chain)
Each record storesprev_hash pointing at the previous record’s record_hash,
forming a SHA-256 chain. verify() walks the chain end-to-end:
TAMPERED. If a middle record is deleted
(undetectable under per-record hashing): CHAIN BROKEN on the next record.
Audit record format
Each NDJSON line:controls is a list because some evaluators may map to multiple controls in
future framework versions. prev_hash is "0" * 64 for the first record in
the log (genesis).
Full compliance pipeline
CI/CD Integration
./audit-logs/ are the compliance artifacts — store them alongside your release artifacts.
