BAUXITENETWORKS

Whitepaper: Bauxite Intercept

Deterministic PII Redaction and Resource Isolation for LLM Systems

1. Executive Summary

As enterprises adopt Large Language Models (LLMs), they encounter a fundamental tradeoff:

Security increases latency. Latency increases risk.

Most systems solve this by adding buffers, caches, and inspection layers—expanding both memory footprint and attack surface.

Bauxite Intercept removes this tradeoff.

It introduces a Zero-Disk, Fixed-Heap interception layer that performs streaming PII redaction in real time, without buffering entire payloads or relying on persistent storage.

Security is enforced not through scale—but through strict, deterministic constraints.

2. Streaming Redaction: Zero-Disk by Design

Traditional systems inspect requests by buffering them—either in memory or on disk. This creates a secondary system that must itself be secured.

Bauxite eliminates this entirely.

Streaming Placeholder Swap

  • In-flight Redaction Sensitive data (emails, phone numbers, IDs) is detected and replaced with UUID placeholders as the request streams through.

  • Transient Vault (Memory Only) Mappings are stored in a short-lived, in-memory structure (sync.Map) with strict TTL enforcement.

  • Single-Pass Rehydration As the LLM streams its response, placeholders are replaced with original values using a single-pass byte comparison.

  • Zero Persistence Sensitive data is never written to disk. No logs, no buffers, no residual state.

Bauxite Diagram

3. Fixed-Heap Isolation: The Straitjacket

Most services treat memory as elastic. Bauxite treats it as a hard boundary.

Deterministic Memory Control

  • Pre-emptive Rejection Before processing begins, Bauxite evaluates memory pressure using runtime.MemStats. If a request would exceed the configured limit, it is rejected with:

    HTTP 507 Insufficient Storage

  • Flat Memory Profile sync.Pool is used to reuse internal structures, minimizing allocations and reducing GC pressure under load.

  • Application-Level Circuit Breaker Oversized or malicious payloads are rejected early—preventing OOM crashes and protecting adjacent services.

Bauxite Diagram

4. Technical Characteristics

PropertyValueOutcome
RuntimeGo (static binary)High concurrency, minimal dependencies
Memory LimitFixed (default: 20MB)Predictable behavior under load
Processing ModelStreamingNo full-request buffering
PersistenceNoneEliminates data remanence risk
Latency Overhead~<1ms typicalOperationally negligible
Binary Size~15MBPortable, edge-friendly

5. Deployment Model

Bauxite is designed to run wherever data leaves your trust boundary.

  • Local Development Run as a drop-in proxy. Change BASE_URL and intercept immediately.

  • Sidecar (Recommended) Deploy alongside services to enforce PII boundaries at the source.

  • Centralized Layer Operate as a shared interception layer for policy enforcement and observability.

  • Edge / Constrained Environments Runs on low-memory systems (ARM64/AMD64) without degradation.

6. Compliance by Architecture

Bauxite reduces compliance scope by design:

  • No persistent storage of sensitive data
  • No raw PII sent to third-party LLM providers
  • Deterministic data handling guarantees

Supports:

  • GDPR
  • HIPAA
  • PCI-DSS

7. Conclusion

Most systems attempt to secure LLMs by adding complexity.

Bauxite does the opposite.

By combining:

  • Streaming redaction (no buffering)
  • Zero-disk guarantees
  • Fixed memory boundaries

…it enforces security through constraints, not expansion.

If sensitive data never leaves your system, it cannot leak.