# OpenRouter PII Redaction Gateway for SMB Support
> A deployable Express proxy that inspects every AI request, strips PII with hai-guardrails, and blocks prompt injections before they reach any model via OpenRouter.
SMB customer support teams frequently paste emails and chat transcripts into AI tools, leaking customer PII without realising it. This gateway sits between support agents and OpenRouter, using `@reaatech/guardrail-chain` to chain PII detection, content filters, and injection checks.
## Architecture
```
User → POST /api/proxy → Guardrail Chain (PII → Injection → Tool Firewall) → Budget Check → OpenRouter → Response
     ↑                                                                                                      ↓
Admin Panel ←─── Cost + Decision Logging (llm-cost-telemetry + Langfuse) ←──────────────────────────────────┘
```
- **guardrail service**: wraps `@presidio-dev/hai-guardrails` (PII redaction + injection detection) and `@reaatech/tool-use-firewall-core` (credential scanning) into `Guardrail` classes consumed by `@reaatech/guardrail-chain`.
- **OpenRouter proxy**: forwards approved requests using the OpenAI SDK (`client.chat.completions.create`) pointed at `https://openrouter.ai/api/v1`.
- **Cost tracking**: records every proxied call as a `CostSpan` via `@reaatech/llm-cost-telemetry` and sends traces to Langfuse.
- **Admin panel**: per-tenant configuration (PII mode, injection threshold, daily budget) served at `/admin`.
## Prerequisites
Copy `.env.example` to `.env` and fill in the values (see the file for every required env var). Key variables:
- `OPENROUTER_API_KEY` — API key from https://openrouter.ai/keys
- `LANGFUSE_PUBLIC_KEY` / `LANGFUSE_SECRET_KEY` — from https://langfuse.com
- `ADMIN_API_KEY` — server-side key for the admin config endpoints
## Quick start
```bash
pnpm install
pnpm dev # start Next.js dev server
pnpm test # vitest run with coverage
pnpm typecheck # TypeScript type checking
pnpm lint # ESLint
```
## API reference
### POST /api/proxy
Forward a chat-completion request through the guardrail chain:
```json
{
  "model": "openai/gpt-5.2",
  "messages": [
    { "role": "user", "content": "Hello" }
  ],
  "tools": [],
  "tenantId": "acme-corp"
}
```
**Blocked response (403):** `{ "blocked": true, "reason": "pii-redaction" }`
**Budget exceeded (429):** `{ "blocked": true, "reason": "budget_exceeded", "dailyPercentage": 120 }`
### GET /api/admin/config
Returns the current configuration for every tenant. No authentication is required, so this endpoint exposes each tenant's PII mode, injection threshold and daily budget to anyone who can reach it.
### POST /api/admin/config
Update a tenant's guardrail configuration. Requires `x-api-key` header matching `ADMIN_API_KEY`.
## Configuration
Guardrail chain behaviour is defined in `src/config/rules.yaml`:
```yaml
budget:
  maxLatencyMs: 1000
  maxTokens: 8000
  skipSlowGuardrailsUnderPressure: true
guardrails:
  - id: pii-redaction
    type: input
    enabled: true
    essential: true
    priority: 10
```
Individual fields can be overridden via environment variables using the `GUARDRAIL_CHAIN_` prefix (e.g. `GUARDRAIL_CHAIN_BUDGET_MAX_LATENCY_MS=2000`).
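The following is an added illustration of how a `GUARDRAIL_CHAIN_` override can be mapped onto the loaded `rules.yaml` object; it is not the project's `@reaatech/guardrail-chain-config` loader, and the `baseConfig` object is a constructed sample. It deliberately accepts only keys that already exist in the config and coerces each value to the type it replaces, so a mistyped variable name or a non-numeric budget is reported rather than silently accepted.

```typescript
type Config = { [key: string]: unknown };
const ENV_PREFIX = "GUARDRAIL_CHAIN_";

// "maxLatencyMs" -> "MAX_LATENCY_MS": the form a config key takes inside an env var name.
function toEnvKey(key: string): string {
  return key.replace(/([a-z0-9])([A-Z])/g, "$1_$2").toUpperCase();
}

// Coerce the raw env string to the type of the value it replaces; reject anything else.
function coerce(existing: unknown, raw: string): unknown {
  if (typeof existing === "number") {
    const n = Number(raw);
    if (raw.trim() === "" || !Number.isFinite(n)) throw new Error(`expected a number, got "${raw}"`);
    return n;
  }
  if (typeof existing === "boolean") {
    if (raw === "true" || raw === "false") return raw === "true";
    throw new Error(`expected true/false, got "${raw}"`);
  }
  return raw;
}

// Match env name segments (["BUDGET","MAX","LATENCY","MS"]) against existing keys, one
// level at a time. Only existing scalar keys can be set; whole sections and lists cannot.
function setOverride(obj: Config, segments: string[], raw: string): boolean {
  for (const key of Object.keys(obj)) {
    const parts = toEnvKey(key).split("_");
    if (parts.join("_") !== segments.slice(0, parts.length).join("_")) continue;
    const rest = segments.slice(parts.length);
    const current = obj[key];
    const isScalar = typeof current !== "object" || current === null;
    const isSection = !isScalar && !Array.isArray(current);
    if (rest.length === 0 && isScalar) {
      obj[key] = coerce(current, raw);
      return true;
    }
    if (rest.length > 0 && isSection && setOverride(current as Config, rest, raw)) return true;
  }
  return false;
}

// Apply every GUARDRAIL_CHAIN_* variable to a deep copy of `config`; unknown names are reported.
function applyEnvOverrides(config: Config, env: Record<string, string | undefined>) {
  const result = JSON.parse(JSON.stringify(config)) as Config;
  const unknown: string[] = [];
  for (const [name, value] of Object.entries(env)) {
    if (!name.startsWith(ENV_PREFIX) || value === undefined) continue;
    if (!setOverride(result, name.slice(ENV_PREFIX.length).split("_"), value)) unknown.push(name);
  }
  return { config: result, unknown };
}

// Constructed sample mirroring the rules.yaml above (a real loader would parse the file).
const baseConfig: Config = {
  budget: { maxLatencyMs: 1000, maxTokens: 8000, skipSlowGuardrailsUnderPressure: true },
  guardrails: [{ id: "pii-redaction", type: "input", enabled: true, essential: true, priority: 10 }],
};
```

Calling `applyEnvOverrides(baseConfig, process.env)` at startup and failing fast when `unknown` is non-empty catches a misspelled override before the gateway serves its first request.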
## Related packages
- `@reaatech/guardrail-chain` — guardrail orchestration framework
- `@reaatech/guardrail-chain-config` — YAML/env config loader
- `@reaatech/tool-use-firewall-core` — tool-use policy enforcement
- `@reaatech/llm-cost-telemetry` — cost tracking and budgets
- `@presidio-dev/hai-guardrails` — PII and injection detection
- `openai` — SDK for OpenRouter-compatible requests
- `langfuse` — LLM observability and tracing
## License
MIT — see [LICENSE](./LICENSE).