Add a foundational DLP/PII preflight policy framework that can inspect user-provided content before SimpleChat sends it to external or component-specific capabilities. The first enforcement target should be web search: when web search is selected by a user or invoked by a workflow, the outgoing search input should be evaluated before it leaves SimpleChat.
User Value
Admins need a configurable way to reduce the risk of corporate knowledge, private information, or regulated data being sent to external search providers. Users should receive a clear content-safety-style message when a request is blocked, while admins should have enough logging and governance visibility to understand what happened.
Proposed Behavior
Provide a reusable policy framework that can be attached to SimpleChat capabilities, starting with web search.
Evaluate the user's chat prompt or workflow-provided search text before a web search request is sent externally.
Return a simple enforcement decision from each evaluator: pass, fail, and fail reason.
When evaluation fails, block the web search call and show a user-facing content safety/governance message.
Log policy decisions in a way that can align with existing content safety logging and reporting.
Provide an admin configuration surface, likely connected to governance/admin settings, for enabling policies and assigning them to capabilities.
Initial Capability Levels
Keyword and regex checks
Admins can define literal keywords, phrases, and regular expressions that should block or flag outgoing web search text.
The framework should capture a fail reason suitable for user messaging and admin logs.
LLM-based analysis
Admins can select one of their configured GPT deployments/endpoints for policy analysis.
Admins can write an explicit prompt that instructs the model how to evaluate the outgoing text.
The model output should be constrained to a pass/fail decision and a fail reason.
External analyzer integration
Add the ability to call an external analyzer service such as Microsoft Presidio Analyzer.
Admin configuration should support endpoint URL and authentication details.
Analyzer output should map into the same pass/fail/fail-reason contract used by the framework.
Acceptance Criteria
A reusable policy/evaluator abstraction exists for preflight checks before capability execution.
Web search is the first wired capability and cannot send blocked text externally.
Keyword and regex policies can be configured and evaluated for web search prompts.
The enforcement result supports pass, fail, and fail reason in a consistent contract.
Failed checks produce a user-facing content safety/governance message instead of running web search.
Policy decisions are logged consistently with, or adjacent to, existing content safety logging/reporting.
Admin configuration supports enabling the framework and assigning policies to web search.
Design leaves clear extension points for LLM-based analysis and external analyzers such as Presidio.
Tests cover allowed search text, keyword block, regex block, failure messaging, and the no-external-call-on-fail path.
Documentation explains the initial web search behavior, admin configuration, and future extension model.
Notes
Treat this as a foundation for capability-level governance across SimpleChat, not only a web-search-specific filter.
Explore whether the configuration belongs on the existing governance page, admin settings, or a dedicated policy section.
This is conceptually similar to custom content safety for outbound capability calls, with a focus on preventing sensitive corporate or private information from leaving the application.
Future work may expand the same framework to other tools, actions, plugins, and workflow components.
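The keyword/regex level and the no-external-call-on-fail path described above, as an added example that is not SimpleChat's code. `PolicyResult`, `KeywordRegexPolicy`, `guarded_web_search`, the block message, the logger name and the sample policy values are all hypothetical, and failing closed when an evaluator raises is an assumption.

```python
import logging
import re
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

log = logging.getLogger("preflight_policy")  # hypothetical logger name
BLOCK_MESSAGE = "Web search was blocked by your organization's data protection policy."

@dataclass(frozen=True)
class PolicyResult:
    passed: bool
    fail_reason: Optional[str] = None  # set only when passed is False

class KeywordRegexPolicy:
    """Fails text that contains an admin-defined keyword/phrase or matches a regex."""
    def __init__(self, name: str, keywords: Iterable[str] = (), patterns: Iterable[str] = ()):
        self.name = name
        # Keywords are literals: escape them and match case-insensitively on word edges.
        self._keywords = [(k, re.compile(r"(?<!\w)" + re.escape(k) + r"(?!\w)", re.I)) for k in keywords]
        # Compile admin regexes up front so a bad pattern fails at configuration time.
        self._patterns = [re.compile(p, re.I) for p in patterns]

    def evaluate(self, text: str) -> PolicyResult:
        for keyword, rx in self._keywords:
            if rx.search(text):
                return PolicyResult(False, f"{self.name}: blocked keyword '{keyword}'")
        for rx in self._patterns:
            if rx.search(text):
                # Report the rule, never the matched value, so logs do not store the data itself.
                return PolicyResult(False, f"{self.name}: matched pattern {rx.pattern!r}")
        return PolicyResult(True)

def guarded_web_search(query: str, policies, search_fn: Callable[[str], list]) -> dict:
    """Evaluate every policy before search_fn; on the first failure search_fn is never called."""
    for policy in policies:
        try:
            result = policy.evaluate(query)
        except Exception as exc:  # assumption: an evaluator error fails closed
            result = PolicyResult(False, f"{policy.name}: evaluator error ({type(exc).__name__})")
        log.info("capability=web_search policy=%s passed=%s reason=%s",
                 policy.name, result.passed, result.fail_reason)
        if not result.passed:
            return {"blocked": True, "message": BLOCK_MESSAGE, "fail_reason": result.fail_reason, "results": []}
    return {"blocked": False, "message": None, "fail_reason": None, "results": search_fn(query)}

if __name__ == "__main__":
    # Constructed sample policy and query; the lambda stands in for the real search provider.
    demo = KeywordRegexPolicy("corp-dlp", ["Project Falcon"], [r"\b\d{3}-\d{2}-\d{4}\b"])
    print(guarded_web_search("roadmap for project falcon 2025", [demo], lambda q: ["hit"]))
```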