reaatech

# Azure AI Email Guardrails for SMB Microsoft 365 Protection
 
> A guardrail service that sits between Azure OpenAI and Microsoft 365 email, redacting PII, blocking prompt injections, and repairing malformed LLM outputs before they reach a user's inbox.
 
## Problem
 
Email assistants powered by LLMs risk leaking sensitive data, acting on prompt injections, exceeding cost budgets, or generating content outside permitted topics. This recipe builds a guardrail proxy that intercepts every `/chat/completions` call, applies a configurable chain of safety checks before forwarding the request to Azure OpenAI, and repairs malformed model output before returning the response.
 
## Architecture
 
```
Client → (POST /chat/completions) → [Presidio PII → Injection Detect → CostPrecheck → TopicBoundary → Azure OpenAI → Output Repair] → Response
```
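
A minimal sketch of the chain order in the diagram above, added here as an illustration; it is not the project's code. Each stage is a simplified stand-in (a regex instead of Presidio, a phrase pattern, a character-count budget, a keyword allowlist), and `runChain`, `callModel`, the constants and the `[EMAIL]` placeholder are hypothetical names.

```typescript
// Added illustration, not the project's code: every check is a simplified stand-in.
type Verdict = { prompt: string; blockedBy: string | null };
type Stage = (prompt: string) => Verdict;
type Result = { status: "ok" | "blocked"; blockedBy: string | null; sent: string | null; body: string | null };

const pass = (prompt: string): Verdict => ({ prompt, blockedBy: null });
const block = (prompt: string, by: string): Verdict => ({ prompt, blockedBy: by });

// Stand-in for Presidio: redacts e-mail addresses only.
const redactPii: Stage = (p) => pass(p.replace(/[\w.+-]+@[\w-]+(\.[\w-]+)+/g, "[EMAIL]"));

// Stand-in injection detector: one constructed phrase pattern.
const detectInjection: Stage = (p) =>
  /ignore (all )?(previous|prior) instructions/i.test(p) ? block(p, "injection") : pass(p);

// Stand-in cost precheck: about 4 characters per token against a hypothetical budget.
const MAX_PROMPT_TOKENS = 200;
const costPrecheck: Stage = (p) =>
  Math.ceil(p.length / 4) > MAX_PROMPT_TOKENS ? block(p, "cost") : pass(p);

// Stand-in topic boundary: keyword allowlist (constructed).
const ALLOWED_TOPICS = ["email", "meeting", "invoice", "reply"];
const topicBoundary: Stage = (p) =>
  ALLOWED_TOPICS.some((t) => p.toLowerCase().indexOf(t) !== -1) ? pass(p) : block(p, "topic");

// Stand-in output repair: strip a Markdown fence, then force valid JSON.
function repairOutput(raw: string): string {
  const body = raw.replace(/^`{3}(?:json)?\s*|\s*`{3}$/g, "").trim();
  try {
    return JSON.stringify(JSON.parse(body));
  } catch (e) {
    return JSON.stringify({ text: body }); // not JSON: wrap instead of passing it through raw
  }
}

// Runs the input stages in the diagram's order; callModel stands in for the Azure OpenAI call.
function runChain(prompt: string, callModel: (p: string) => string): Result {
  let current = prompt;
  for (const stage of [redactPii, detectInjection, costPrecheck, topicBoundary]) {
    const v = stage(current);
    if (v.blockedBy !== null) {
      // Fail closed: a blocked request never reaches the model.
      return { status: "blocked", blockedBy: v.blockedBy, sent: null, body: null };
    }
    current = v.prompt; // later stages and the model only ever see the redacted text
  }
  return { status: "ok", blockedBy: null, sent: current, body: repairOutput(callModel(current)) };
}
```

Because redaction runs first, every later stage and the upstream call receive only the redacted prompt, and a block at any stage returns before `callModel` is invoked.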
 
## Setup
 
| Variable | Description |
|---|---|
| `AZURE_OPENAI_ENDPOINT` | Azure OpenAI service endpoint URL |
| `AZURE_OPENAI_API_KEY` | Azure OpenAI API key |
| `AZURE_OPENAI_DEPLOYMENT` | Model deployment name (e.g. `gpt-4o`) |
| `AZURE_OPENAI_API_VERSION` | API version string (`2024-10-01-preview`) |
| `PROXY_PORT` | Port the guardrail proxy listens on (default `3001`) |
| `LANGFUSE_PUBLIC_KEY` | Langfuse observability public key |
| `LANGFUSE_SECRET_KEY` | Langfuse observability secret key |
| `LANGFUSE_HOST` | Langfuse host URL (`https://cloud.langfuse.com`) |
| `MICROSOFT_GRAPH_TENANT_ID` | Microsoft 365 tenant ID |
| `MICROSOFT_GRAPH_CLIENT_ID` | Microsoft 365 app registration client ID |
| `MICROSOFT_GRAPH_CLIENT_SECRET` | Microsoft 365 app registration client secret |
 
Copy `.env.example` to `.env.local` and fill in the values.
 
## Usage
 
Configure your email integration tool (e.g. Power Automate, custom mail client) to use `http://localhost:PROXY_PORT/chat/completions` as the Azure OpenAI endpoint. The proxy applies guardrails automatically.
 
```bash
pnpm install
pnpm dev
```
 
## Project structure
 
```
app/                    Next.js App Router (API routes, pages)
src/config/             Environment / provider configuration
src/chains/             Guardrail chain pipeline orchestration
src/services/           Individual guardrail services (PII, injection, etc.)
src/api/                API route handlers and middleware
src/types/              TypeScript type definitions
tests/                  Vitest test suite (mirrors src/)
```
 
## Testing
 
```bash
pnpm test          # vitest run with coverage
pnpm typecheck     # TypeScript type checking
pnpm lint          # ESLint
```
 
## License
 
MIT — see [LICENSE](./LICENSE).