feat(anonymization): implement anonymizeText mutation and associated service

- Added a new SQL migration to insert the 'anonymize.call' privilege into the privileges table.
- Introduced the `anonymizeText` mutation in the GraphQL schema, allowing users to anonymize sensitive text.
- Implemented the `AnonymizerService` to handle text anonymization requests via a REST API endpoint.
- Updated the GraphQL resolver to integrate the new mutation and ensure proper permission checks.
- Enhanced documentation with Swagger and OpenAPI specifications for the new endpoint.
- Added error handling for invalid requests and unavailable anonymizer configurations.

Author: asdek

backend/migrations/sql/20260510_120000_anonymize_privilege.sql

@@ -0,0 +1,16 @@
+-- +goose Up
+-- +goose StatementBegin
+
+INSERT INTO privileges (role_id, name) VALUES
+  (1, 'anonymize.call'),
+  (2, 'anonymize.call')
+  ON CONFLICT DO NOTHING;
+
+-- +goose StatementEnd
+
+-- +goose Down
+-- +goose StatementBegin
+
+DELETE FROM privileges WHERE name = 'anonymize.call';
+
+-- +goose StatementEnd

backend/pkg/graph/generated.go

@@ -11,6 +11,7 @@ import (
 	"pentagi/pkg/templates"
 
 	"github.com/sirupsen/logrus"
+	"github.com/vxcontrol/cloud/anonymizer"
 )
 
 // This file will not be regenerated automatically.
@@ -27,4 +28,5 @@ type Resolver struct {
 	Controller      controller.FlowController
 	Subscriptions   subscriptions.SubscriptionsController
 	Knowledge       knowledge.KnowledgeStore
+	Replacer        anonymizer.Replacer
 }

backend/pkg/graph/resolver.go

@@ -1027,6 +1027,7 @@ type Mutation {
   createKnowledgeDocument(input: CreateKnowledgeDocumentInput!): KnowledgeDocument!
   updateKnowledgeDocument(id: String!, input: UpdateKnowledgeDocumentInput!): KnowledgeDocument!
   deleteKnowledgeDocument(id: String!): ResultType!
+  anonymizeText(text: String!): String!
 }
 
 type Subscription {

backend/pkg/graph/schema.graphqls

@@ -140,6 +140,75 @@ const docTemplate = `{
                 }
             }
         },
+        "/anonymize/text": {
+            "post": {
+                "security": [
+                    {
+                        "BearerAuth": []
+                    }
+                ],
+                "description": "Replace sensitive data patterns (credentials, keys, PII, etc.) in the provided text with safe placeholders.",
+                "consumes": [
+                    "application/json"
+                ],
+                "produces": [
+                    "application/json"
+                ],
+                "tags": [
+                    "Anonymize"
+                ],
+                "summary": "Anonymize text",
+                "parameters": [
+                    {
+                        "description": "Text to anonymize",
+                        "name": "json",
+                        "in": "body",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/services.anonymizeTextRequest"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "anonymized text returned successfully",
+                        "schema": {
+                            "allOf": [
+                                {
+                                    "$ref": "#/definitions/SuccessResponse"
+                                },
+                                {
+                                    "type": "object",
+                                    "properties": {
+                                        "data": {
+                                            "$ref": "#/definitions/services.anonymizeTextResponse"
+                                        }
+                                    }
+                                }
+                            ]
+                        }
+                    },
+                    "400": {
+                        "description": "invalid request body",
+                        "schema": {
+                            "$ref": "#/definitions/ErrorResponse"
+                        }
+                    },
+                    "403": {
+                        "description": "anonymize.call permission required",
+                        "schema": {
+                            "$ref": "#/definitions/ErrorResponse"
+                        }
+                    },
+                    "503": {
+                        "description": "anonymizer is not configured",
+                        "schema": {
+                            "$ref": "#/definitions/ErrorResponse"
+                        }
+                    }
+                }
+            }
+        },
         "/assistantlogs/": {
             "get": {
                 "security": [
@@ -9683,6 +9752,25 @@ const docTemplate = `{
                 }
             }
         },
+        "services.anonymizeTextRequest": {
+            "type": "object",
+            "required": [
+                "text"
+            ],
+            "properties": {
+                "text": {
+                    "type": "string"
+                }
+            }
+        },
+        "services.anonymizeTextResponse": {
+            "type": "object",
+            "properties": {
+                "text": {
+                    "type": "string"
+                }
+            }
+        },
         "services.assistantlogs": {
             "type": "object",
             "properties": {