Add configurable DLP/PII preflight policy framework for web search #992

Description

@paullizer

Summary

Add a foundational DLP/PII preflight policy framework that can inspect user-provided content before SimpleChat sends it to external or component-specific capabilities. The first enforcement target should be web search: when web search is selected by a user or invoked by a workflow, the outgoing search input should be evaluated before it leaves SimpleChat.

User Value

Admins need a configurable way to reduce the risk of corporate knowledge, private information, or regulated data being sent to external search providers. Users should receive a clear content-safety-style message when a request is blocked, while admins should have enough logging and governance visibility to understand what happened.

Proposed Behavior

  • Provide a reusable policy framework that can be attached to SimpleChat capabilities, starting with web search.
  • Evaluate the user's chat prompt or workflow-provided search text before a web search request is sent externally.
  • Return a simple enforcement decision from each evaluator: pass, fail, and fail reason.
  • When evaluation fails, block the web search call and show a user-facing content safety/governance message.
  • Log policy decisions in a way that can align with existing content safety logging and reporting.
  • Provide an admin configuration surface, likely connected to governance/admin settings, for enabling policies and assigning them to capabilities.

Initial Capability Levels

  1. Keyword and regex checks

    • Admins can define literal keywords, phrases, and regular expressions that should block or flag outgoing web search text.
    • The framework should capture a fail reason suitable for user messaging and admin logs.
  2. LLM-based analysis

    • Admins can select one of their configured GPT deployments/endpoints for policy analysis.
    • Admins can write an explicit prompt that instructs the model how to evaluate the outgoing text.
    • The model output should be constrained to a pass/fail decision and a fail reason.
  3. External analyzer integration

    • Add the ability to call an external analyzer service such as Microsoft Presidio Analyzer.
    • Admin configuration should support endpoint URL and authentication details.
    • Analyzer output should map into the same pass/fail/fail-reason contract used by the framework.

Acceptance Criteria

  • A reusable policy/evaluator abstraction exists for preflight checks before capability execution.
  • Web search is the first wired capability and cannot send blocked text externally.
  • Keyword and regex policies can be configured and evaluated for web search prompts.
  • The enforcement result supports pass, fail, and fail reason in a consistent contract.
  • Failed checks produce a user-facing content safety/governance message instead of running web search.
  • Policy decisions are logged consistently with, or adjacent to, existing content safety logging/reporting.
  • Admin configuration supports enabling the framework and assigning policies to web search.
  • Design leaves clear extension points for LLM-based analysis and external analyzers such as Presidio.
  • Tests cover allowed search text, keyword block, regex block, failure messaging, and the no-external-call-on-fail path.
  • Documentation explains the initial web search behavior, admin configuration, and future extension model.
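To make the evaluator contract concrete, here is an added illustration of the keyword/regex level and the no-external-call-on-fail path described in the acceptance criteria; it is not SimpleChat code, and the evaluator shape, the `preflight_web_search` helper and the block message wording are assumptions made for the example.

```python
import re
import logging
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

log = logging.getLogger("preflight_policy")


@dataclass(frozen=True)
class PolicyDecision:
    """The pass/fail/fail-reason contract every evaluator returns."""
    passed: bool
    reason: Optional[str] = None


Evaluator = Callable[[str], PolicyDecision]


def keyword_evaluator(keywords: Iterable[str]) -> Evaluator:
    """Block when any admin-defined literal keyword or phrase appears (case-insensitive)."""
    lowered = [k.lower() for k in keywords]

    def evaluate(text: str) -> PolicyDecision:
        hit = next((k for k in lowered if k in text.lower()), None)
        return PolicyDecision(hit is None, None if hit is None else f"keyword match: {hit!r}")
    return evaluate


def regex_evaluator(patterns: Iterable[str]) -> Evaluator:
    """Block when any admin-defined regular expression matches the outgoing text."""
    compiled = [re.compile(p) for p in patterns]  # compiled once, at configuration time

    def evaluate(text: str) -> PolicyDecision:
        for pat in compiled:
            if pat.search(text):
                return PolicyDecision(False, f"regex match: {pat.pattern}")
        return PolicyDecision(True)
    return evaluate


# Hypothetical user-facing governance message shown instead of search results.
BLOCK_MESSAGE = "This request was blocked by a content governance policy and was not sent to web search."


def preflight_web_search(text: str, evaluators: Iterable[Evaluator], search_fn: Callable[[str], object]):
    """Run every evaluator; call search_fn only if all pass. Returns (sent, result_or_message, fail_reason)."""
    for evaluate in evaluators:
        decision = evaluate(text)
        if not decision.passed:
            # Log the decision and reason, not the blocked text itself, so the log does not leak it.
            log.warning("web_search blocked: reason=%s chars=%d", decision.reason, len(text))
            return False, BLOCK_MESSAGE, decision.reason
    log.info("web_search allowed: chars=%d", len(text))
    return True, search_fn(text), None
```

Admin-supplied regular expressions are untrusted input to the matcher, so a deployment should bound pattern complexity or evaluation time before accepting them.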

Notes

  • Treat this as a foundation for capability-level governance across SimpleChat, not only a web-search-specific filter.
  • Explore whether the configuration belongs on the existing governance page, admin settings, or a dedicated policy section.
  • This is conceptually similar to custom content safety for outbound capability calls, with a focus on preventing sensitive corporate or private information from leaving the application.
  • Future work may expand the same framework to other tools, actions, plugins, and workflow components.

Metadata

Labels: enhancement (New feature or request), security_improvement (This issue results in an improvement to security)

Status: Pending Evaluation