# LangChain Security Guardrails for SMB E-commerce Support Bots
 
> Add runtime prompt injection defense, PII redaction, and content safety filters to LangChain-powered chat agents without changing a single agent definition.
 
A tutorialized reference solution from [reaatech.com](https://reaatech.com), demonstrating how to build production-grade AI systems with the `@reaatech/*` package family.
 
## Problem
 
SMB e-commerce support bots built with LangChain often lack enterprise-grade safety controls. A single prompt injection or exposure of customer PII can lead to compliance fines and reputation damage, but baked-in safety is hard to retrofit.
 
## Architecture
 
```
User prompt → hai-guardrails engine → Guardrail chain input phase (PII redaction, prompt injection) → LangGraph agent → Guardrail chain output phase (PII scan, hallucination check, toxicity filter) → Response
```
 
The Express middleware wraps this flow transparently — existing LangChain/LangGraph agents remain unchanged, while every call is protected by configurable guardrails.
 
## Quick Start
 
```bash
git clone <repo>
pnpm install
cp .env.example .env
# Set OPENAI_API_KEY in .env
pnpm run dev
# Send POST /api/chat with {"prompt": "Hello"}
```
 
## Configuration
 
Config files:
 
- `src/config/guardrail.config.json` — budget, guardrails, observability settings
- `.env` — environment variables (copy from `.env.example`)
 
Env vars:
 
| Var | Required | Description |
|-----|----------|-------------|
| `OPENAI_API_KEY` | Yes | OpenAI API key for ChatOpenAI |
| `PORT` | No | Express server port (default 3001) |
| `LANGFUSE_PUBLIC_KEY` | No | Langfuse tracing public key |
| `LANGFUSE_SECRET_KEY` | No | Langfuse tracing secret key |
| `LANGFUSE_HOST` | No | Langfuse host URL |
| `GUARDRAIL_CHAIN_CONFIG` | No | Full JSON config override for guardrail chain |
| `GUARDRAIL_CHAIN_BUDGET_MAX_LATENCY_MS` | No | Max latency budget in ms (default 1000) |
| `GUARDRAIL_CHAIN_BUDGET_MAX_TOKENS` | No | Max token budget (default 8000) |
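The two budget variables and the whole-config JSON override in the table above can all set the same values, so a loader needs an explicit precedence and has to reject values that would silently weaken the budget (an env var is always a string, and `Number("lots")` is `NaN`). The following is an added example written for this README, not the project's `@reaatech/guardrail-chain-config` loader: the variable names and the defaults of 1000 ms and 8000 tokens come from the table, while the precedence order, the `budget` field names inside the JSON and the `resolveConfig` function itself are assumptions.

```typescript
// Added example, not the project's own config loader. Variable names and
// defaults come from the README; the precedence order and the JSON field
// names (budget.maxLatencyMs, budget.maxTokens) are assumptions.

interface Budget { maxLatencyMs: number; maxTokens: number }
interface ChainConfig { budget: Budget }

const DEFAULT_BUDGET: Budget = { maxLatencyMs: 1000, maxTokens: 8000 };

// Accepts a number or a numeric string (env vars are always strings) and
// rejects anything that is not a positive integer, so a typo such as
// GUARDRAIL_CHAIN_BUDGET_MAX_TOKENS=lots fails at startup instead of
// turning the budget into NaN and disabling it.
function asPositiveInt(name: string, value: unknown): number {
  const n = typeof value === "string" ? Number(value) : value;
  if (typeof n !== "number" || !Number.isInteger(n) || n <= 0) {
    throw new Error(`${name} must be a positive integer, got ${JSON.stringify(value)}`);
  }
  return n;
}

type RawBudget = Partial<Record<keyof Budget, unknown>>;

// Precedence, lowest to highest (assumed): built-in defaults
//   < guardrail.config.json contents
//   < GUARDRAIL_CHAIN_CONFIG (whole-config JSON override)
//   < the two specific budget variables.
// `env` is passed in rather than read from process.env so the function
// can be exercised offline with constructed inputs.
function resolveConfig(
  env: Record<string, string | undefined>,
  fileConfig: { budget?: RawBudget } = {},
): ChainConfig {
  let raw: RawBudget = { ...DEFAULT_BUDGET, ...fileConfig.budget };

  if (env.GUARDRAIL_CHAIN_CONFIG) {
    let override: { budget?: RawBudget };
    try {
      override = JSON.parse(env.GUARDRAIL_CHAIN_CONFIG);
    } catch {
      throw new Error("GUARDRAIL_CHAIN_CONFIG is not valid JSON");
    }
    if (override === null || typeof override !== "object") {
      throw new Error("GUARDRAIL_CHAIN_CONFIG must be a JSON object");
    }
    raw = { ...raw, ...override.budget };
  }

  // The specific variables win over the JSON override. An empty string is
  // passed through deliberately: it fails validation below (fail closed).
  if (env.GUARDRAIL_CHAIN_BUDGET_MAX_LATENCY_MS !== undefined) {
    raw.maxLatencyMs = env.GUARDRAIL_CHAIN_BUDGET_MAX_LATENCY_MS;
  }
  if (env.GUARDRAIL_CHAIN_BUDGET_MAX_TOKENS !== undefined) {
    raw.maxTokens = env.GUARDRAIL_CHAIN_BUDGET_MAX_TOKENS;
  }

  // Validate once, after all layers are merged, so a bad value from any
  // source is caught with the same error.
  return {
    budget: {
      maxLatencyMs: asPositiveInt("maxLatencyMs", raw.maxLatencyMs),
      maxTokens: asPositiveInt("maxTokens", raw.maxTokens),
    },
  };
}
```

Validating after the merge rather than per layer means a malformed value in `guardrail.config.json`, in the JSON override, or in an env var is rejected by the same check; the process refuses to start rather than running with an unbounded budget.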
 
## API Reference
 
### POST /api/chat
 
Request: `{ "prompt": string, "userId"?: string, "sessionId"?: string }`
 
- 200: `{ "response": string }`
- 403: `{ "blocked": true, "guard": string }`
- 400: `{ "error": "prompt is required" }`
 
### GET /api/health
 
- 200: `{ "status": "ok" }`
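The Architecture section describes an input phase (PII redaction, prompt injection) and an output phase (PII scan, toxicity filter) around an unchanged agent, and the API Reference fixes the 200/403/400 shapes the route returns. The following is an added example that ties the two together; it is not the project's code and does not use `@reaatech/guardrail-chain` or `hai-guardrails`. The guard names, the regexes, the injection phrase list and the toxicity denylist are constructed for the demo (a real chain would back the detector and the toxicity filter with models), and the hallucination check from the diagram is omitted. `handleChat`, `runPhase`, `Guardrail` and `defaultChain` are names assumed here.

```typescript
// Added example, not the project's own code: a guardrail chain with the
// input/output phases from the README's architecture diagram, plus the
// POST /api/chat contract (200 / 403 / 400). Guard names, regexes, phrase
// lists and the denylist are assumptions constructed for this demo.

type Phase = "input" | "output";

interface GuardResult {
  text: string;     // text after the guard ran (e.g. with PII redacted)
  blocked: boolean; // true => stop the chain and answer 403
}

interface Guardrail {
  name: string;
  phase: Phase;
  run(text: string): GuardResult;
}

const EMAIL = /[\w.+-]+@[\w-]+\.[\w.-]+/g;
const PHONE = /\b(?:\+?\d{1,2}[ -]?)?\(?\d{3}\)?[ -]?\d{3}[ -]?\d{4}\b/g;

// Input phase: strip obvious PII before the prompt reaches the agent, so it
// never lands in model logs or traces.
const piiRedactor: Guardrail = {
  name: "pii-redaction",
  phase: "input",
  run(text) {
    return { text: text.replace(EMAIL, "[EMAIL]").replace(PHONE, "[PHONE]"), blocked: false };
  },
};

// Input phase: a small heuristic detector. A production chain would use a
// model-backed classifier; the chain contract stays the same.
const injectionDetector: Guardrail = {
  name: "prompt-injection",
  phase: "input",
  run(text) {
    const patterns = [
      /ignore (all |the )?(previous|prior|above) instructions/i,
      /reveal (your|the) system prompt/i,
    ];
    return { text, blocked: patterns.some((p) => p.test(text)) };
  },
};

// Output phase: if redaction would change the reply, the model leaked PII.
const piiScanner: Guardrail = {
  name: "pii-scan",
  phase: "output",
  run(text) {
    return { text, blocked: piiRedactor.run(text).text !== text };
  },
};

// Output phase: a tiny constructed denylist standing in for a toxicity model.
const toxicityFilter: Guardrail = {
  name: "toxicity",
  phase: "output",
  run(text) {
    const denylist = ["idiot", "moron"];
    const lower = text.toLowerCase();
    return { text, blocked: denylist.some((w) => new RegExp(`\\b${w}\\b`).test(lower)) };
  },
};

const defaultChain: Guardrail[] = [piiRedactor, injectionDetector, piiScanner, toxicityFilter];

// Run every guard of one phase in order; the first block short-circuits and
// reports which guard fired, which is what the 403 body carries.
function runPhase(chain: Guardrail[], phase: Phase, text: string): { text: string; blockedBy?: string } {
  let current = text;
  for (const g of chain) {
    if (g.phase !== phase) continue;
    const r = g.run(current);
    if (r.blocked) return { text: current, blockedBy: g.name };
    current = r.text;
  }
  return { text: current };
}

type Agent = (prompt: string) => Promise<string>;
interface ChatResult { status: number; body: Record<string, unknown> }

// The POST /api/chat contract from the README, kept independent of Express
// so it can be exercised without a server.
async function handleChat(body: unknown, agent: Agent, chain: Guardrail[] = defaultChain): Promise<ChatResult> {
  const prompt = (body as { prompt?: unknown } | null)?.prompt;
  if (typeof prompt !== "string" || prompt.trim() === "") {
    return { status: 400, body: { error: "prompt is required" } };
  }
  const input = runPhase(chain, "input", prompt);
  if (input.blockedBy) return { status: 403, body: { blocked: true, guard: input.blockedBy } };
  const reply = await agent(input.text); // the LangGraph agent, unchanged
  const output = runPhase(chain, "output", reply);
  if (output.blockedBy) return { status: 403, body: { blocked: true, guard: output.blockedBy } };
  return { status: 200, body: { response: output.text } };
}
```

Mounting it in Express is one line around `handleChat`: `app.post("/api/chat", express.json(), async (req, res) => { const r = await handleChat(req.body, agent); res.status(r.status).json(r.body); })`. Two design points matter for a support bot: the output phase scans the model's reply, not just the user's prompt, so PII the agent retrieves from order data cannot be echoed back to the wrong session; and the 403 body names only the guard, never the matched text, so a blocked request does not reveal which phrasing tripped the detector.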
 
## Dependencies
 
| Package | Version | Role |
|---------|---------|------|
| `@reaatech/guardrail-chain` | 0.1.0 | Foundation — chain orchestration |
| `@reaatech/guardrail-chain-config` | 0.1.0 | Foundation — config loader |
| `@reaatech/guardrail-chain-guardrails` | 0.1.0 | Foundation — built-in guardrails |
| `@reaatech/guardrail-chain-observability` | 0.1.0 | Supporting — logging, metrics, tracing |
| `@langchain/openai` | 1.4.7 | Provider — OpenAI chat model |
| `@langchain/langgraph` | 1.4.2 | Provider — LangGraph agent |
| `@presidio-dev/hai-guardrails` | 1.12.0 | Provider — PII & injection detection |
| `langfuse` | 3.38.20 | Observability — LLM tracing |
| `zod` | 4.4.3 | Validation — config schemas |
| `express` | 5.2.1 | Web framework — middleware layer |
 
## Testing
 
```bash
pnpm test          # Run vitest with coverage
pnpm typecheck     # TypeScript check
pnpm lint          # ESLint
```
 
Tests mock external HTTP calls with MSW. Coverage targets ≥90% on runtime code.
 
## License
 
MIT — see LICENSE file for details.