feat(pillar): add masking support for automatic content sanitization

[eagle-p]

Title

Add masking support to Pillar Security guardrail

Relevant issues

Pre-Submission checklist

• I have Added testing in the tests/litellm/ directory, Adding at least 1 test is a hard requirement - see details
• I have added a screenshot of my new test passing locally
• My PR passes all unit tests on make test-unit
• My PR's scope is as isolated as possible, it only solves 1 specific problem

Type

🆕 New Feature

Changes

Summary

Adds support for automatic content masking in the Pillar Security guardrail. When on_flagged_action: "mask" is configured, sensitive content (PII, secrets, etc.) detected by Pillar is automatically sanitized before being sent to the LLM, allowing requests to proceed safely.

Key Changes

1. Masking Action Support

   • Added "mask" to SUPPORTED_ON_FLAGGED_ACTIONS
   • When masking is enabled, replaces original messages with masked_session_messages from Pillar API response
   • Automatically sets plr_mask: "true" header when masking is enabled

2. Implementation Details

   • Updated _process_pillar_response() to handle masking mode
   • Modified _prepare_headers() to automatically set plr_mask header based on on_flagged_action
   • Updated return type of _process_pillar_response() to return modified data

3. Documentation

   • Added masking section to Pillar Security documentation
   • Updated examples and configuration reference
   • Added masking use case examples

4. Tests

   • Added pillar_mask_guardrail fixture
   • Added pillar_flagged_response_with_masked_messages fixture with realistic PII masking example
   • Added tests for:
     • Message replacement with masked versions
     • plr_mask header being sent correctly
     • Edge case handling (empty masked messages)
     • PII masking in conversation context

Testing

All new tests pass:

• test_pre_call_hook_flagged_content_mask - Verifies messages are replaced with masked versions
• test_pre_call_hook_mask_header_sent - Verifies plr_mask: "true" header is sent
• test_pre_call_hook_mask_header_not_sent_when_monitor - Verifies header is "false" when not masking
• test_mask_with_pii_in_conversation - Tests realistic PII masking scenario
• test_mask_empty_masked_messages_fallback - Tests edge case handling

Usage Example

guardrails:
  - guardrail_name: "pillar-masking"
    litellm_params:
      guardrail: pillar
      mode: pre_call
      on_flagged_action: "mask"  # Automatically masks sensitive content
      api_key: os.environ/PILLAR_API_KEY

When content is flagged, LiteLLM automatically replaces messages with masked versions from Pillar's masked_session_messages response, allowing the request to proceed with sanitized content.

[vercel]

@eagle-p is attempting to deploy a commit to the CLERKIEAI Team on Vercel.

A member of the Team first needs to authorize it.