[User Story] - Security Guardrails - PII - Implement Credit Card masking

[dantelmomsft]

Description
When agents generate response containing the full credit card number it must intercepted and masked before it got sent to chat

Current Behavior
The full credit card number is sent in clear text to the chat

Acceptance Criteria

• Only the last four digit of the credit card are shown in the chat.
• A unit test for each affected agent is created.

Design Consideration
Use agent framework middleware concept to intercept any agent generated text and check for full clear text credit card pattern.
If credit card number is detected mask value replacing it with only the last 4 digits.
Middleware implementation code samples:

• https://github.com/microsoft/agent-framework/blob/main/python/samples/getting_started/middleware/agent_and_run_level_middleware.py

Main affected modules and/or classes

• https://github.com/Azure-Samples/agent-openai-python-banking-assistant/blob/main/app/copilot/app/agents/azure_chat/account_agent.py
• https://github.com/Azure-Samples/agent-openai-python-banking-assistant/blob/main/app/copilot/app/agents/azure_chat/payment_agent.py
• https://github.com/Azure-Samples/agent-openai-python-banking-assistant/blob/main/app/copilot/app/agents/foundry/payment_agent_foundry.py
• https://github.com/Azure-Samples/agent-openai-python-banking-assistant/blob/main/app/copilot/app/agents/foundry/account_agent_foundry.py

References

• https://learn.microsoft.com/en-us/agent-framework/user-guide/agents/agent-middleware?pivots=programming-language-python