Redact & Deploy

view.okrapdf.com/s/{admin-token}/fw9.md   → full text, all PII visible
view.okrapdf.com/s/{viewer-token}/fw9.md  → PII replaced with [EMAIL], [PHONE], ***-**-****
view.okrapdf.com/s/{public-token}/fw9.md  → only allowlisted sections, PII redacted

npm install @okrapdf/edge-kit

import { LlamaCloud } from '@llamaindex/llama-cloud';
import { deploy } from '@okrapdf/edge-kit';
import type { PageInput } from '@okrapdf/edge-kit';

// 1. Parse PDF via LlamaParse (or any vendor)
const client = new LlamaCloud({ apiKey: process.env.LLAMAINDEX_API_KEY });
const parseResult = await client.parsing.parse({
  source_url: 'https://www.irs.gov/pub/irs-pdf/fw9.pdf',
  tier: 'cost_effective',
  version: 'latest',
  expand: ['items', 'markdown'],
}, { verbose: true });

// 2. Convert vendor output → vendor-agnostic PageInput
const pages: PageInput[] = [];
for (const page of parseResult.markdown?.pages ?? []) {
  if (!('markdown' in page)) continue;
  pages.push({ pageNum: page.page_number, text: page.markdown });
}

// 3. Configure PII detection
const pii = {
  preset: 'hipaa',
  patterns: ['SSN', 'EMAIL', 'PHONE_US', 'TAX_ID_US'],
  includeNames: true,
  includeAddresses: true,
};

// 4. Deploy with redaction config → get 3 URLs
const result = await deploy({
  pages,
  meta: { title: 'IRS W-9 (Rev. 3-2024)', filename: 'fw9.pdf' },
  redact: {
    pii,
    publicFieldAllowlist: ['Form W-9', 'Part I', 'Part II', 'General Instructions'],
  },
  apiKey: process.env.OKRA_API_KEY!,
});

console.log(result.urls.admin);   // full text
console.log(result.urls.viewer);  // PII redacted
console.log(result.urls.public);  // allowlist only
console.log(result.stats);        // { totalMatches: 5, pagesAffected: 2, byRule: { SSN: 1, EMAIL: 2, PHONE_US: 2 } }

// Preset-based (HIPAA, GDPR, CCPA)
const pii = { preset: 'hipaa', includeNames: true };

// Pattern-based
const pii = { patterns: ['SSN', 'EMAIL', 'PHONE_US', 'TAX_ID_US'] };

// Combined
const pii = { preset: 'hipaa', patterns: ['TAX_ID_US'], includeAddresses: true };

const result = await deploy({
  pages,
  apiKey: process.env.OKRA_API_KEY!,
  redact: {
    pii: {
      preset: 'hipaa',
      customPatterns: [
        { type: 'ACCOUNT_NUM', regex: /ACC-\d{8}/g, priority: 10, placeholder: '[ACCOUNT_{n}]', severity: 'high' },
        { type: 'INTERNAL_REF', regex: /REF-[A-Z]{3}-\d{4}/g, priority: 5, placeholder: '[REF_{n}]', severity: 'medium' },
      ],
    },
    publicFieldAllowlist: ['Summary', 'Terms'],
  },
});

view.okrapdf.com / s / {token} / {filename}.md
                   │    │          │
                   │    │          └─ decorative (human-readable, not used for lookup)
                   │    └─ HMAC-signed: base64(docId:role).signature
                   └─ "shared/governed" route prefix

curl https://view.okrapdf.com/s/{viewer-token}/fw9.md

# Form W-9
# Request for Taxpayer Identification Number
Name: John Doe
SSN: ***-**-****
Email: [EMAIL]
Phone: [PHONE]

POST /v1/documents/fw9-a3f8b2/completion
{ "prompt": "Who filed this W-9?" }

// 1. The LLM decides to call query_sql
const sqlQuery = llmResponse.tool_calls[0].function.arguments.query;

// 2. The DO runs the query against the RAW data
const rawResult = await this.state.storage.sql(sqlQuery);
// => [{ name: "John Doe", ssn: "123-45-6789", email: "john@acme.com" }]

// 3. Apply the redaction lens to the tool result
const safeResult = rawResult.map(row => {
  let safe = { ...row };
  if (activeLens !== 'admin') {
    if (safe.ssn) safe.ssn = '[REDACTED]';
    if (safe.email) safe.email = '[EMAIL]';
    if (safe.phone) safe.phone = '[PHONE]';
  }
  return safe;
});

// 4. Return the SAFE result back to the LLM as a tool message
messages.push({
  role: 'tool',
  tool_call_id: tool.id,
  content: JSON.stringify(safeResult),
  // The LLM only sees: [{ name: "John Doe", ssn: "[REDACTED]", email: "[EMAIL]" }]
});