PII detection expansion, admin approval gate, and on-prem fallback

Four new detection plugins ship by default: API keys and bearer tokens, employee IDs (including localized variants), client identifiers paired with monetary or contractual context, and references to a customer’s own internal systems. Each plugin is configurable per tenant.

Plugins can now flag a request for administrator review, blocking the LLM call until an admin approves or rejects it from the admin console. Administrators can also nominate an on-premise model to handle flagged content automatically, keeping sensitive prompts off external providers.

Each plugin’s action — block, redact, flag, or allow — is now configurable per-plugin or globally without a code change. Detector plugins fail closed: if a detector errors, the request is blocked rather than silently passing through.

No action required. Existing plugin configurations are honored.