Privent: DLP for n8n. Running in execution graph, not outside it

methreeves1 pts0 comments

n8n-nodes-privent - npm


n8n-nodes-privent 0.9.0 • Public • Published 2 hours ago

Early Access. Privent is currently in private rollout. API keys are issued through our access process. Request access →

Official Privent DLP community nodes for n8n. Tokenize PII and secrets in prompts on the way to your AI agents and detokenize them at trusted egress points — without ever exposing raw data to the LLM.

```
[Webhook] → [Privent Session] → [Privent Tokenize] → [OpenAI Chat]
          → [Privent Detokenize] → [Respond]
```

Why

LLM-powered workflows leak data. A naive {{ $json.prompt }} into ChatGPT sends customer emails, card numbers, and API keys straight to a third party.

Privent sits in the middle: it replaces sensitive values with reversible placeholders ([EMAIL_001], [CREDIT_CARD_002]) before the LLM call, then restores them only at sinks you trust.

Requirements

| Component | Minimum |
| --- | --- |
| n8n | 1.22.0 |
| Node.js | 20 |
| Privent API key | optional (regex-only mode without it) |

Installation

In n8n: Settings → Community Nodes → Install → enter n8n-nodes-privent.

Manual install (self-hosted):

```bash
cd ~/.n8n
npm install n8n-nodes-privent
```

Restart n8n. The Privent nodes appear in the node panel.

Credential: PriventApi

Create a PriventApi credential before using any Privent node.

| Field | Description | Default |
| --- | --- | --- |
| API Key | Privent Cloud API key — request access. Encrypted at rest by n8n. | |
| Base URL | Privent Cloud endpoint | https://api.privent.ai |
| Vault Backend | Token storage: memory or redis | memory |

The Privent ML host (GLiNER entity extractor) is auto-routed to https://ml.privent.ai and authenticates with the same API key. No extra credential field is required. Self-hosted setups can override via the PRIVENT_ML_URL environment variable on the n8n process (see "Local development" below).

Nodes

Privent Session

Opens a Privent session. Place this first in the workflow — every tokenize/detokenize node downstream consumes its sessionId.

Output:

| Field | Type | Description |
| --- | --- | --- |
| sessionId | string | UUID; pass downstream as ={{ $('Privent Session').item.json.sessionId }} |
| traceId | string | Correlation ID for audit logs |
| startedAt | number | Unix ms timestamp |
| executionId | string | n8n execution ID — shared key across every Privent node in the run |
| agentName | string \| null | Logical agent name (see parameter below); null if left blank |

Parameters:

Session ID Mode — auto (new UUID per execution) or manual

Agent Name — logical agent identifier propagated to every downstream Privent node via the executionId-keyed context registry. Appears in every audit event as metadata.agent_name. Optional.

Framework — orchestration label that appears in audit logs (n8n / manual)

Privent Tokenize

Detects PII and secrets in a text field and replaces them with [KIND_NNN] tokens.

| Parameter | Description |
| --- | --- |
| Text Field | Field name to tokenize (e.g. text, prompt) |
| Session ID | sessionId from upstream Privent Session node |
| Detection Mode | auto (regex + ML fallback, default), local (regex only), cloud (regex + ML) |
| Review Threshold | Items above this risk score are flagged with privent.flaggedForReview: true |
| Entity Hints | Detection priority list: email, phone, credit_card, iban, ssn, api_key, jwt, aws_key, ip, url |

Output:

```json
{
  "text": "Hi [EMAIL_001], your number is [PHONE_002].",
  "privent": {
    "sessionId": "...",
    "entities": [
      { "token": "[EMAIL_001]", "kind": "EMAIL", "confidence": 0.95 },
      { "token": "[PHONE_002]", "kind": "PHONE", "confidence": 0.80 }
    ],
    "risk": {
      "risk_score": 0.87,
      "risk_level": "high",
      "categories": { "pii": 0.95 },
      "model": "privent-risk-v2",
      "latencyMs": 43
    },
    "flaggedForReview": true
  }
}
```

risk is null when Detection Mode is local (the cloud risk scorer is skipped).
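A minimal sketch of the reversible [KIND_NNN] scheme in regex-only (local) mode, added here as an illustration and not taken from Privent's code. The two patterns, the Luhn filter, the per-session vault layout and all function names are assumptions.

```javascript
// Added illustration: session-scoped, reversible [KIND_NNN] tokenization (regex only).
// Patterns, Luhn filter and vault layout are assumptions, not Privent's implementation.
const PATTERNS = [
  ['EMAIL', /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g],
  ['CREDIT_CARD', /\b\d(?:[ -]?\d){12,18}\b/g],
];

// Luhn checksum: filters out order numbers and other long digit runs.
function luhnOk(candidate) {
  const digits = candidate.replace(/\D/g, '');
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// One vault per session: tokens from one session never resolve in another.
function createSession() {
  return { byToken: new Map(), byValue: new Map(), counter: 0 };
}

function tokenize(session, text) {
  const entities = [];
  for (const [kind, re] of PATTERNS) {
    text = text.replace(re, (match) => {
      if (kind === 'CREDIT_CARD' && !luhnOk(match)) return match;
      let token = session.byValue.get(match); // same value -> same token
      if (!token) {
        session.counter += 1;
        token = `[${kind}_${String(session.counter).padStart(3, '0')}]`;
        session.byValue.set(match, token);
        session.byToken.set(token, match);
      }
      entities.push({ token, kind });
      return token;
    });
  }
  return { text, entities };
}

// Token-shaped strings that are not in the vault are left untouched,
// so a token invented by the LLM cannot resolve to anything.
function detokenize(session, text) {
  return text.replace(/\[[A-Z_]+_\d{3}\]/g, (t) => session.byToken.get(t) ?? t);
}
```
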

Privent Detokenize

Replaces tokens with their original values. Use this at trusted egress points (databases, internal webhooks, email sends) after the LLM step.

| Parameter | Description |
| --- | --- |
| Session ID | sessionId from the Privent Session node |
| Target Field | Field to detokenize; * walks every string field (default) |
| Strict Mode | If true, refuses to detokenize when the destination URL is not in Trusted Sinks. Emits a detokenize audit event with reason: strict-mode-block and returns privent: { detokenized: false, reason } — it does not throw. |
| Trusted Sinks | Allowlist of URL prefixes (e.g. https://api.internal.com) |

Output:

On a successful detokenize:

{ "privent": { "sessionId": "...", "detokenized": true } }

On a strict-mode block:

```json
{
  "privent": {
    "sessionId": "...",
    "detokenized": false,
    "reason": "strict-mode: destination URL not in trusted sinks list"
  }
}
```
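One way to evaluate a Trusted Sinks allowlist in strict mode, added here as an example and not Privent's implementation (the page does not say how prefixes are matched). It compares parsed origins and path segments rather than raw string prefixes; `isTrustedSink`, `strictDetokenize` and the `.example` hosts are hypothetical.

```javascript
// Added illustration: strict-mode gate in front of detokenization.
// isTrustedSink / strictDetokenize are hypothetical names; hosts are constructed.
function isTrustedSink(destination, trustedSinks) {
  let dest;
  try { dest = new URL(destination); } catch { return false; } // unparsable: deny
  return trustedSinks.some((prefix) => {
    let allowed;
    try { allowed = new URL(prefix); } catch { return false; }
    // Scheme, host and port must match exactly, not merely share a string prefix.
    if (dest.origin !== allowed.origin) return false;
    // Path must match on a segment boundary: /crm allows /crm/x, not /crm-export.
    const base = allowed.pathname.endsWith('/') ? allowed.pathname : allowed.pathname + '/';
    return dest.pathname === allowed.pathname || dest.pathname.startsWith(base);
  });
}

// Returns a result object on a block instead of throwing, as the Strict Mode row describes.
function strictDetokenize(item, vault, { destination, strict, trustedSinks }) {
  const sessionId = item.privent.sessionId;
  if (strict && !isTrustedSink(destination, trustedSinks)) {
    return {
      ...item, // text still contains tokens, raw values never leave the vault
      privent: {
        sessionId,
        detokenized: false,
        reason: 'strict-mode: destination URL not in trusted sinks list',
      },
    };
  }
  const text = item.text.replace(/\[[A-Z_]+_\d{3}\]/g, (t) => vault.get(t) ?? t);
  return { ...item, text, privent: { sessionId, detokenized: true } };
}
```

A raw `startsWith` comparison on the URL string would accept `https://api.internal.com.other.example/`, which this check rejects because the parsed origin differs.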

Privent Risk Check

Scores text for PII and secret risk using the Privent Cloud ML pipeline. Standalone — does not require a Privent Session.

Exposed as a tool to AI Agent nodes (usableAsTool: true).

| Parameter | Description |
| --- | --- |
| Text Field | Field name to score |
| Session ID | Optional; for audit correlation |

Output:

```
"privent": {
  "risk_score": 0.92,
  "risk_level": "high",
  "categories": { "pii":...
```
