Skip to content
reaatech

Files · xAI Grok Security Guardrails for Multi-Tenant SMB Chat

69 (1 binary, 531.8 kB total)attempt 1

Download example (zip)Back to tutorial
README.md·4972 B·markdown
markdown
# xAI Grok Security Guardrails for Multi-Tenant SMB Chat
 
> Enforce PII redaction, content safety policies, and per-tenant guardrails on every xAI Grok-powered chatbot interaction for multi-tenant SaaS.
 
A reference recipe showing how to build a composable, configurable safety stack for multi-tenant AI chat using `@reaatech/guardrail-chain` and Microsoft Presidio's `hai-guardrails`.
 
## Quick Start
 
```bash
cp .env.example .env
# Edit .env — set XAI_API_KEY to your xAI API key
pnpm dev
```
 
Send a chat message:
 
```bash
curl -X POST http://localhost:3000/api/chat \
  -H 'Content-Type: application/json' \
  -d '{"message":"Hello","tenantId":"default"}'
```
 
## Architecture
 
```
User message → Input guardrails (RateLimiter → CostPrecheck → PIIRedaction →
  PresidioGuardrail → PromptInjection → TopicBoundary) → xAI Grok →
  Output guardrails (PIIScan → ToxicityFilter → HallucinationCheck) → Response
```
 
### Guardrail pipeline
 
| Phase | Guardrail | Source |
|-------|-----------|--------|
| Input | `RateLimiter` | `@reaatech/guardrail-chain-guardrails` |
| Input | `CostPrecheck` | `@reaatech/guardrail-chain-guardrails` |
| Input | `PIIRedaction` | `@reaatech/guardrail-chain-guardrails` |
| Input | `PresidioGuardrail` | Custom wrapper around `@presidio-dev/hai-guardrails` |
| Input | `PromptInjection` | `@reaatech/guardrail-chain-guardrails` (high sensitivity) |
| Input | `TopicBoundary` | `@reaatech/guardrail-chain-guardrails` |
| Output | `PIIScan` | `@reaatech/guardrail-chain-guardrails` |
| Output | `ToxicityFilter` | `@reaatech/guardrail-chain-guardrails` |
| Output | `HallucinationCheck` | `@reaatech/guardrail-chain-guardrails` |
 
### Multi-tenancy
 
Per-tenant configuration is loaded from YAML files via `@reaatech/guardrail-chain-config`. Each tenant gets its own budget, enabled guardrails, and observability settings. Configs are cached with a 5-minute TTL.
 
### Observability
 
Guardrail execution is logged via pino through `@reaatech/guardrail-chain-observability`'s module-level singletons. Metrics counters and histograms are emitted as structured JSON. Langfuse export is enabled when `LANGFUSE_PUBLIC_KEY` and `LANGFUSE_SECRET_KEY` are set.
 
## API Reference
 
### `POST /api/chat`
 
**Request:**
```json
{
  "message": "string (required)",
  "tenantId": "string (optional, falls back to X-Tenant-Id header)",
  "userId": "string (optional)",
  "sessionId": "string (optional)"
}
```
 
**Success (200):**
```json
{
  "reply": "AI response text",
  "blocked": false,
  "correlationId": "uuid",
  "usage": { "inputTokens": 5, "outputTokens": 3 }
}
```
 
**Blocked by input guardrails (403):**
```json
{
  "reply": "",
  "blocked": true,
  "failedGuardrail": "prompt-injection",
  "correlationId": "uuid"
}
```
 
**Blocked by output guardrails (422):**
```json
{
  "reply": "LLM output before blocking",
  "blocked": true,
  "failedGuardrail": "toxicity-filter",
  "correlationId": "uuid"
}
```
 
### `GET /api/chat`
 
Health check — returns `200` with `{"status":"ok"}`.
 
## Configuration
 
### Environment variables
 
| Variable | Default | Description |
|----------|---------|-------------|
| `XAI_API_KEY` | — | xAI Grok API key |
| `XAI_API_BASE_URL` | `https://api.x.ai/v1` | API base URL |
| `XAI_MODEL` | `grok-2` | Model name |
| `GUARDRAIL_CHAIN_BUDGET_MAX_LATENCY_MS` | `1000` | Max guardrail chain latency |
| `GUARDRAIL_CHAIN_BUDGET_MAX_TOKENS` | `8000` | Max token budget |
| `LANGFUSE_PUBLIC_KEY` | — | Langfuse public key (optional) |
| `LANGFUSE_SECRET_KEY` | — | Langfuse secret key (optional) |
| `LOG_LEVEL` | `info` | Pino log level |
 
### Tenant YAML configs
 
Place YAML files in `config/tenants/<tenantId>.yaml`. Example:
 
```yaml
# config/tenants/tenant-alpha.yaml
budget:
  maxLatencyMs: 2000
  maxTokens: 4000
guardrails:
  - id: topic-boundary
    type: input
    enabled: true
    priority: 5
```
 
## Project layout
 
```
app/api/chat/route.ts      Chat API handler
src/types.ts               Shared TypeScript types
src/lib/observability.ts   Pino + guardrail-chain-observability setup
src/services/              Tenant config loader + xAI client
src/middleware/             Guardrail chain builder + Presidio wrapper
tests/                     Vitest test suite (48 tests, 90%+ coverage)
config/tenants/            Per-tenant YAML config files
```
 
## Packages used
 
- `@reaatech/guardrail-chain` — Core chain orchestration, budget management, types
- `@reaatech/guardrail-chain-config` — YAML/env config loader with Zod validation
- `@reaatech/guardrail-chain-guardrails` — Built-in guardrails (PII, injection, toxicity, etc.)
- `@reaatech/guardrail-chain-observability` — Logger, metrics, tracer singletons
- `@presidio-dev/hai-guardrails` — Microsoft Presidio injection + PII guards
- `openai` — OpenAI SDK (compatible with xAI Grok API)
- `pino` — Structured logging
- `langfuse` — Optional LLM observability export
 
## License
 
MIT — see [LICENSE](./LICENSE).