Performance Characteristics
Latency, throughput, and session blob size characteristics by detector mode and payload size
Transform Latency by Detector Mode
| Mode | p50 | p95 | p99 | Notes |
|---|---|---|---|---|
builtin (regex only) | Under 1ms | Under 2ms | Under 5ms | Fastest. No external dependencies. |
both (builtin + NER healthy) | 10-50ms | 50-100ms | 100-200ms | NER adds network round-trip + model inference. |
both (NER configured, unavailable) | 5s | 5s | 5s | Waits for NER timeout (configurable, default 5s), then falls back to builtin. |
advanced (NER only) | 10-50ms | 50-100ms | 200ms | All detection via Python sidecar. |
Rehydrate Latency
| Size | p50 | p95 | p99 |
|---|---|---|---|
| Small (under 100 chars) | Under 0.1ms | Under 0.5ms | Under 1ms |
| Medium (1-5KB) | Under 0.5ms | Under 1ms | Under 2ms |
| Large (10-100KB) | Under 2ms | Under 5ms | Under 10ms |
Rehydrate is typically fast -- it's a local string replacement operation with no external calls.
Session Seal/Unseal
| Operation | Latency |
|---|---|
| Seal (AES-256-GCM encrypt) | Under 0.1ms |
| Unseal (decrypt + validate) | Under 0.1ms |
Session Blob Size
| Entities | Blob Size | Per-Entity |
|---|---|---|
| 1 | ~400 bytes | ~400 bytes |
| 10 | ~2 KB | ~200 bytes |
| 50 | ~10 KB | ~200 bytes |
| 100 | ~20 KB | ~200 bytes |
| 500 | ~100 KB | ~200 bytes |
| 1000 | ~200 KB | ~200 bytes |
Blob size grows linearly -- approximately 200 bytes per entity.
Throughput
| Mode | Ops/sec (single core) |
|---|---|
| Builtin only | >1000 |
| Builtin + NER | 20-50 (limited by NER round-trip) |
Recommendations
For lowest latency
detector:
mode: builtinDetects: email, phone, SSN, IBAN, credit card, IP, URL, order, customer ID, passport, health ID, address, DOB. Does NOT detect: person names, company names, locations (requires NER).
For best coverage
detector:
mode: both
advanced_url: http://localhost:9090Detects all entity types including person, company, location via GLiNER/spaCy. Latency depends on NER sidecar performance.
If NER sidecar is sometimes unavailable
The system automatically falls back to builtin-only detection when the NER sidecar is unreachable (5-second timeout). Health endpoint shows current detector status.
To avoid the 5-second timeout penalty on each request when NER is down:
- Monitor health endpoint for detector status
- If NER is down, switch to
mode: builtinuntil it recovers - Or accept the 5s penalty per request (subsequent requests in the same connection are fast if using connection pooling)