Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.nusomi.com/llms.txt

Use this file to discover all available pages before exploring further.

Masking happens at capture, before any frame or event is persisted. Once data is masked it cannot be unmasked — the original is never written to disk.

Workspace patterns

The dashboard ships with built-in patterns:
PatternMatches
credit_cardPAN-shaped strings (Luhn-validated).
us_ssnXXX-XX-XXXX.
emaillocal@domain.
phone_intlE.164.
ibanBank IBAN.
aws_access_keyAKIA....
oauth_bearerBearer ... headers.
jwtThree-segment dot-separated token.
password_fieldAny input with type="password" or autocomplete="current-password".
Toggle them on/off per workspace, or define custom patterns via regex: 
curl https://api.nusomi.com/v1/masking/patterns \
  -X POST \
  -H "Authorization: Bearer nsk_live_<admin-key>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "internal_employee_id",
    "regex": "EMP-[0-9]{6}",
    "replacement": "[masked:emp_id]"
  }'

What gets masked

When a pattern matches, three things happen:
  1. Pixels: a blur is applied over the matched region in every frame for the duration of the match. The original pixels are discarded.
  2. DOM/AX text: the matched substring is replaced with [masked:<pattern>] in the captured tree.
  3. Event payloads: the matched value is replaced with the same placeholder.
The match position is recorded ({x, y, w, h}) so the masked region is auditable, but the original value is not.

Per-field redaction (browser extension)

Operators can right-click any input and choose Redact this field. The choice persists for the rest of the session. Redacted fields appear with [redacted] in events and a blur in frames. Per-field redaction overrides workspace patterns — even if a pattern wouldn’t have matched, a redacted field is masked.

Per-workflow redaction (SDK)

const session = await nusomi.sessions.create({
  workflow: "process_invoice",
  redact: {
    fields: ["#tax-id", "#bank-account"],
    selectors_within_iframe: ["[data-stripe-element]"],
    css_text_classes: ["sensitive"],
  },
});
Anything matching the listed selectors is treated like a redacted field for the entire session.

Time-bounded redaction (operator pause)

The desktop tray and browser extension expose a Redact next 30 seconds action. While active, every captured frame is fully blurred and every event payload is [redacted]. This is the recommended pattern for “I’m about to type a credential — don’t capture this.”

Masking in exports

Masked frames stay masked in exports. Training datasets contain the placeholder, not the original. There is no API path that returns the unmasked value; masking is one-way at capture.

Logging masked-vs-unmasked counts

The audit log records every match with the pattern name and a hashed match-id (so repeated matches of the same value across frames cluster, but the value can’t be recovered). Useful for compliance reporting: 
GET /v1/audit?action=masking.match&since=30d
Masking can be turned off per workspace. Don’t. The control is in the dashboard under Security → Masking → Patterns and requires admin scope plus a dual-confirm.