# Anthropic Security Guardrails for Microsoft Teams SMB Communication
> Real‑time PII redaction, prompt‑injection defense, and toxic‑content blocking for AI chat agents embedded in Microsoft Teams, keeping SMB conversations safe and compliant.
A tutorialized reference solution from [reaatech.com](https://reaatech.com), demonstrating how to build production-grade AI systems with the `@reaatech/*` package family.
## Problem
SMBs adding AI assistants to Microsoft Teams face immediate risks: a malicious prompt injection could exfiltrate customer data, unredacted PII could violate GDPR, and toxic replies could harm brand trust — all because there's no safety net between the Teams chat and the LLM.
## Architecture
The **Guardrail Chain** from REAA intercepts every inbound and outbound Teams message, applying a multi‑stage safety pipeline:
1. **PII Redaction** — `@presidio-dev/hai-guardrails` detects and redacts emails, phone numbers, SSNs, and credit card numbers.
2. **Prompt Injection Classification** — Anthropic Claude Haiku classifies each message as SAFE or BLOCKED, catching jailbreak and instruction‑injection attempts.
3. **Toxicity Filtering** — `@presidio-dev/hai-guardrails` scores content for hate speech, harassment, and profanity.
The chain is orchestrated by `@reaatech/guardrail-chain` with config from `@reaatech/guardrail-chain-config` and observability from `@reaatech/guardrail-chain-observability`. Guardrail results are cached with `CachedGuardrail` to avoid redundant processing.
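The three-stage pipeline above, as an added TypeScript sketch that is not the project's code: stage functions with constructed regex patterns stand in for `@presidio-dev/hai-guardrails`, a keyword stub stands in for the Claude Haiku SAFE/BLOCKED classifier, and `createChain` (a hypothetical name) plays the role of `@reaatech/guardrail-chain` plus `CachedGuardrail`, running stages in order, short-circuiting on the first BLOCKED verdict, and caching verdicts by input hash.

```typescript
import { createHash } from "node:crypto";
type Verdict = { decision: "SAFE" | "BLOCKED"; text: string; reasons: string[] };
type Guardrail = (text: string) => Verdict;

// Stage 1: PII redaction with constructed patterns (stand-in for hai-guardrails).
export const piiRedaction: Guardrail = (text) => {
  const patterns: [RegExp, string][] = [
    [/[\w.+-]+@[\w-]+\.[\w.]+/g, "<EMAIL>"],
    [/\b\d{3}-\d{2}-\d{4}\b/g, "<SSN>"],
    [/\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b/g, "<PHONE>"],
  ];
  let out = text;
  const reasons: string[] = [];
  for (const [re, tag] of patterns) {
    const next = out.replace(re, tag);
    if (next !== out) reasons.push(`redacted ${tag}`);
    out = next;
  }
  return { decision: "SAFE", text: out, reasons };
};
// Stage 2: keyword stub standing in for the Claude Haiku SAFE/BLOCKED classifier.
export const injectionClassifier: Guardrail = (text) => {
  const hit = /ignore (all )?previous instructions|reveal (the|your) system prompt/i.test(text);
  return { decision: hit ? "BLOCKED" : "SAFE", text, reasons: hit ? ["prompt injection"] : [] };
};
// Stage 3: toxicity filter with a constructed word list (stand-in for hai-guardrails).
export const toxicityFilter: Guardrail = (text) => {
  const hit = /\b(idiot|moron)\b/i.test(text);
  return { decision: hit ? "BLOCKED" : "SAFE", text, reasons: hit ? ["toxic content"] : [] };
};
// Chain (hypothetical): stages see the progressively redacted text, the first BLOCKED
// verdict stops the run, and verdicts are cached by SHA-256 of the raw input.
export function createChain(stages: Guardrail[]): Guardrail {
  const cache = new Map<string, Verdict>();
  return (text) => {
    const key = createHash("sha256").update(text).digest("hex");
    const cached = cache.get(key);
    if (cached) return cached;
    let current = text;
    const reasons: string[] = [];
    const remember = (v: Verdict) => { cache.set(key, v); return v; };
    for (const stage of stages) {
      const v = stage(current);
      reasons.push(...v.reasons);
      if (v.decision === "BLOCKED") return remember({ decision: "BLOCKED", text: current, reasons });
      current = v.text;
    }
    return remember({ decision: "SAFE", text: current, reasons });
  };
}
```

A blocked message is cached with the text as redacted so far, so a replayed Teams notification is rejected without re-running the classifier or leaking the original PII downstream.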
## Prerequisites
- Anthropic API key ([platform.claude.com/settings/keys](https://platform.claude.com/settings/keys))
- Microsoft Azure AD app registration with `ChannelMessage.Read.All` permission
- Node.js >=22, pnpm
## Getting started
```bash
pnpm install
cp .env.example .env # configure your API keys
pnpm test # vitest run with coverage
pnpm dev # next dev
```
## API routes
| Route | Method | Description |
|---|---|---|
| `/api/graph/webhook` | POST | Receives Microsoft Graph change notifications for Teams channel messages |
| `/api/graph/webhook` | GET | Handles subscription validation (returns `validationToken` as `text/plain`) |
| `/api/status` | GET | Health check — returns `{ status: "ok", uptime }` |
| `/api/metrics` | GET | Returns counters, histograms, and gauges from the guardrail chain |
## Microsoft Graph subscription setup
1. Register an Azure AD app, grant `ChannelMessage.Read.All` application permission.
2. Create a subscription pointing at `https://your-host/api/graph/webhook`.
3. The guardrail chain processes each incoming message before forwarding to the LLM.
## Configuration
See `guardrail.config.yaml` for guardrail‑chain YAML configuration. Environment overrides use the `GUARDRAIL_CHAIN_` prefix:
```bash
GUARDRAIL_CHAIN_BUDGET_MAX_LATENCY_MS=500
GUARDRAIL_CHAIN_BUDGET_MAX_TOKENS=4000
```
## Testing
```bash
pnpm test # vitest run with coverage
pnpm typecheck # TypeScript type checking
pnpm lint # ESLint
```
## Project layout
```
app/ Next.js App Router pages + API routes
src/config/ Guardrail chain configuration (YAML loader, Zod validation)
src/observability/ Logger, metrics, and tracing (ConsoleLogger, in-memory MetricsCollector, custom Tracer)
src/guard/ Guardrail adapters (PII, injection, toxicity) + chain orchestration + handler
src/graph/ Microsoft Graph auth, subscription management, notification parsing
tests/ vitest suite (mirrors src/)
guardrail.config.yaml Default guardrail chain configuration
packages/ API references for every dependency (read these first)
```
## License
MIT — see [LICENSE](./LICENSE).