Idea: Safety scanning middleware for messages.create()

[MaxwellCalkin]

Problem

As Claude becomes more agentic (MCP tools, code generation, autonomous workflows), TypeScript/JavaScript applications need safety scanning at the API boundary. Common requirements:

• PII redaction before sending user data to the API
• Prompt injection detection on user inputs
• Output scanning for harmful content or dangerous tool calls
• Tool-use safety — scanning tool arguments for shell injection, data exfiltration

Proposal

A middleware/hook pattern in the SDK:

import Anthropic from '@anthropic-ai/sdk';

const client = new Anthropic();

// Intercept requests to scan inputs
client.on('request', (req) => {
  // Scan for prompt injection, redact PII
});

// Intercept responses to scan outputs
client.on('response', (res) => {
  // Check for harmful content, hallucination signals
});

This pattern is standard in JS (Express middleware, fetch interceptors) and would enable composable, drop-in safety scanning.

Existing Implementation

I built @sentinel-ai/sdk — a standalone TypeScript safety scanning library (zero dependencies) that does prompt injection detection, PII redaction, harmful content filtering, toxicity detection, tool-use safety, and obfuscation detection in <2ms.

The Python SDK counterpart (Sentinel AI) implements this as guarded_message() / guarded_stream() wrappers and an LLM API firewall proxy.

But a first-party middleware API would be cleaner than third-party wrappers.

(Cross-posted from anthropic-sdk-python#1227)