Feature Request: Customer-facing Q&A interface for anonymized assessment data

Resolved 💬 3 comments Opened Dec 10, 2025 by SDS-Mike Closed Feb 11, 2026

Feature Request

Summary

Add a customer-facing chat interface in the tool portal website where customers can ask questions about their anonymized Microsoft 365 security assessment data using Claude Haiku.

Use Case

After an assessment is completed, customers should be able to:

  • Ask clarifying questions about their findings (e.g., "What does the inactive users finding mean for my organization?")
  • Request more detail on specific recommendations
  • Ask follow-up questions like "How do I implement this in Azure Portal?"
  • Get help understanding compliance mappings

Proposed Implementation

  1. Chat Interface: Add a chat widget to the customer portal after assessment completion
  2. Context Injection: Inject the customer's sanitized (Tier 2) metrics as context for each conversation
  3. Model: Use Claude Haiku 4.5 for fast, cost-effective responses
  4. Guardrails:
  • Only allow questions about their own assessment data
  • Limit conversation to security posture topics
  • No access to raw (Tier 1) data - only sanitized metrics

Security Considerations

  • Zero-knowledge architecture maintained: Claude only sees Tier 2 (anonymized) data
  • Customer can only query their own assessment
  • Session-scoped conversations with automatic cleanup

Technical Notes

  • Leverage existing get_prompt_for_tier() infrastructure
  • Add new "chat" prompt template optimized for Q&A
  • Track token usage in Opik for cost monitoring
  • Consider rate limiting per assessment

Priority

Medium - enhances customer value without blocking core assessment functionality

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗