v2.2.0 — Finnish recognizers

What's new

Finnish pattern recognizers

Two new EU recognizers covering Finnish national identifiers, contributed by @akunikkola in #4:

• FI_HETU — henkilötunnus (personal identity code). DDMMYY + century marker (+, -, A–F, U–Y) + 3-digit individual number + control character from the official 31-symbol alphabet (no G/I/O/Q). Date validated by the regex itself — shape is highly specific, base score 0.85.
• FI_BUSINESS_ID — Y-tunnus. 7 digits + hyphen + check digit. Generic shape relies on context boost (y-tunnus, yritystunnus, business id, etc.) — base score 0.4, same approach as DE_TAX_ID and FR_CNI.

Entity count: 33 → 35.

Existing vat_fi in EU_VAT is unchanged — it covers the international form FI02012566; the new FI_BUSINESS_ID covers the local hyphenated form 0201256-6.

Install (Claude Desktop / Claude Code)

Platform	Asset
Windows / Linux	pii-shield-v2.2.0-windows-linux.mcpb
macOS (arm64 + x64)	pii-shield-v2.2.0-macos.mcpb
Skill (any OS)	pii-contract-analyze.skill

Drop the .mcpb into Settings → Extensions → Advanced Settings → Install extension, then upload the .skill via Customize → Skills → Upload.

Install (CLI / npm)

npm install -g pii-shield@2.2.0

Full setup guide: repo README.

v2.1.0 — standalone CLI on npm

What's new

Standalone CLI on npm

`pii-shield` is now installable as a global npm package:

```bash
npm install -g pii-shield
pii-shield doctor
pii-shield install-model # one-off ~634 MB GLiNER download
pii-shield anonymize contract.pdf
```

Same engine, same `~/.pii_shield/` data layout, same session format as the MCP server — anonymize on the CLI, deanonymize from Claude Desktop, or vice versa. Requires Node 22+.

Full CLI manual: `cli/USAGE.md`.

Engine swap — @adeu/core for tracked-changes redline

Swapped `@ansonlai/docx-redline-js` for `@adeu/core` as the .docx tracked-changes writer. Cleaner revision marks in `deanonymize_docx` output.

Review-store cache invalidation across processes

CLI `pii-shield review` and the MCP `start_review` panel share the same session store under `~/.pii_shield/mappings/`. The in-memory review cache now detects when another process has rewritten the session file and reloads — so opening the same session from both sides no longer shows stale state.

Install (Claude Desktop / Claude Code)

Platform	Asset
Windows / Linux	`pii-shield-v2.1.0-windows-linux.mcpb`
macOS (arm64 + x64)	`pii-shield-v2.1.0-macos.mcpb`
Skill (any OS)	`pii-contract-analyze.skill`

Drop the `.mcpb` into Settings → Extensions → Advanced Settings → Install extension, then upload the `.skill` via Customize → Skills → Upload.

Full setup guide: repo README.

v2.0.4 - security: keep raw PII out of MCP responses (#2)

Security fix - issue #2

start_review and anonymize_docx were leaking raw document text into Claude's context before the HITL approval step. Both are fixed in v2.0.4.

What changed

• start_review now returns metadata-only sessions[]: {session_id, doc_id, source_filename, entity_count, approved, has_overrides}. No raw text, no entities, no html.
• New get_review_payload tool with _meta.ui.visibility: ["app"] - model-invisible. The iframe pulls the unredacted payload through it after mount.
• apply_review_overrides moved to the same registerAppTool shape with visibility: ["app"].
• anonymize_docx return shape whitelisted (paths + counts + note).

Regression test

npm run smoke seeds a session with three known canary substrings, calls start_review, stringifies the entire response, and asserts every canary is absent. Catches regressions at the protocol level.

Install

Download pii-shield-v2.0.4.mcpb below and install via Claude Desktop -> Settings -> Extensions -> Advanced Settings -> Install Extension.

Full testkit (with model installer scripts) in pii-shield-testkit-v2.0.4.zip.

Acceptance

Reproducing the original demo from #2 in Claude Desktop, Claude now answers "I don't actually know - and that's by design" when asked to name the parties before approval.

Full commit: 99650e9

v2.0.2 — Complete Node.js rewrite

v2.0.2 — Complete Node.js rewrite

PII Shield has been rewritten from scratch in Node.js. The v1.0.0 Python implementation is preserved at tag v1.0.0 for anyone who needs it.

How install works now

No terminal commands. No model download upfront. PII Shield handles the model install in-chat via a panel that appears the first time you anonymize.

1. Download the .mcpb for your OS:
   • Windows / Linux → pii-shield-v2.0.2-windows-linux.mcpb
   • macOS (Intel or Apple Silicon) → pii-shield-v2.0.2-macos.mcpb (bundles Node 24.15.0 to dodge a Claude Desktop darwin host-runtime launch bug)
2. Install the MCP extension — Claude Desktop → Settings → Extensions → Advanced Settings → Install extension → select your .mcpb.
3. Upload the skill — Claude Desktop → Customize → Skills → + → Upload a skill → select pii-contract-analyze.skill. Drives anonymize → review → analysis → deanonymize end to end.
4. Open a new chat, ask Claude to anonymize a document. On the very first run an in-chat panel pops up with two buttons:
   • Download model — opens your default browser, downloads gliner-pii-base-v1.0.zip (~634 MB) from this release. The browser handles the transfer (no SmartScreen / Defender issues with unsigned scripts).
   • Install downloaded ZIP — PII Shield finds the ZIP in your Downloads / OneDrive / Desktop / Documents folder, validates it (model.onnx ≥ 600 MB + 4 tokenizer files), atomic-extracts into ~/.pii_shield/models/, and re-initializes NER. Anonymization continues automatically.

After that first run the panel never appears again. NER deps install once via npm ci --ignore-scripts into a versioned cache (~/.pii_shield/deps/installs/<slug>/) — 2–3 min, instant on every subsequent boot.

What changed under the hood

• Runtime: Node.js (was Python 3.10+). No PyTorch, no SpaCy, no presidio.
• NER: GLiNER via @xenova/transformers + onnxruntime-node 1.22.0 (pinned triplet, deterministic npm ci).
• Package: .mcpb (was .dxt).
• HITL review: MCP Apps iframe in chat (was localhost web server + browser tab).
• Install: in-chat setup panel (was terminal one-liner). See above.
• Sizes: ~700 KB thin .mcpb on Windows/Linux, ~83 MB macOS variant (bundles Node).

Release artefacts

File	What	Size
pii-shield-v2.0.2-windows-linux.mcpb	MCPB for Windows + Linux (uses host Node)	~700 KB
pii-shield-v2.0.2-macos.mcpb	MCPB for macOS arm64 + x64 (bundles Node 24.15.0)	~83 MB
pii-contract-analyze.skill	Contract analysis skill (load into ~/.claude/skills/)	~25 KB
gliner-pii-base-v1.0.zip	GLiNER NER model — fetched by the in-chat install panel	~613 MB

Migrating from v1.0.0

This is a separate product, not a drop-in upgrade. If you want to stay on Python, pin to tag v1.0.0.

Known notes

• macOS users: install only pii-shield-v2.0.2-macos.mcpb, not the windows-linux one. The Mac variant bundles Node 24.15.0 to work around a Claude Desktop host-Node launch bug on darwin.
• Mappings live at ~/.pii_shield/mappings/ with a 7-day default TTL. Raise PII_MAPPING_TTL_DAYS in extension settings for matters that span weeks / months.
• The model can also be installed manually if you can't use the panel — drop gliner-pii-base-v1.0.zip somewhere PII Shield scans (Downloads / OneDrive / Desktop / Documents) and click the panel's Install button.

PII Shield v1.0.0

First public release.

What it does: MCP server that anonymizes documents before Claude sees them and restores real data after analysis. PII never enters the API — only file paths and random session IDs are exchanged.

Key features:

• GLiNER zero-shot NER (knowledgator/gliner-pii-base-v1.0) + 17 EU pattern recognizers
• Human-in-the-Loop review via local web UI
• PDF, DOCX (with tracked changes), plain text support
• Self-bootstrapping — auto-installs all dependencies on first run
• Full local audit logging

Install:

1. Download pii-shield-v1.0.0.dxt and pii-contract-analyze.skill below
2. Claude Desktop → Settings → Extensions → Install extension
3. Claude Desktop → Customize → Skills → Upload a skill

Supports Windows, macOS, Linux. Requires Python 3.10+.