AgentShieldAgentShield/Documentation
Get API Key

5-minute developer quickstart

AgentShield sits between your agent and your users. You keep your LLM — we scan the final reply for leaks, PII, and your custom rules.

  1. Step 1

    Create an API key

    Sign up, open the dashboard, and generate a key. Treat it like a password.

    Go to API keys

  2. Step 2

    Call /api/intercept

    Send the user message and model output. If blocked is true, do not show the reply to the user.

    curl -X POST https://agentshield-one.vercel.app/api/intercept \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_API_KEY" \
  -d '{
    "input": "What are strong password combinations?",
    "output": "Use 12+ characters with mixed case and a password manager."
  }'

  3. Step 3

    Use the SDK (optional)

    npm install agentshield-ai-sdk

    import { createClient } from "agentshield-ai-sdk"

const agentshield = createClient({
  apiKey: process.env.AGENTSHIELD_API_KEY!,
})

export async function chat(userMessage: string) {
  const aiResponse = await yourLlm.generate(userMessage)

  const result = await agentshield.intercept({
    input: userMessage,
    output: aiResponse,
  })

  if (result.blocked) {
    throw new Error(result.reason ?? "Blocked by guardrails")
  }

  return result.output ?? aiResponse
}

  4. Step 4

    Add rules & webhooks

    Block company-specific terms in the dashboard. Optional webhooks fire on every block with HMAC signatures.

    Rules →Webhooks →
    import { createHmac, timingSafeEqual } from "crypto"

export function verifyAgentShieldSignature(
  rawBody: string,
  signature: string | null,
  secret: string
) {
  if (!signature) return false
  const expected = createHmac("sha256", secret).update(rawBody).digest("hex")
  try {
    return timingSafeEqual(Buffer.from(signature), Buffer.from(expected))
  } catch {
    return false
  }
}

Health check

GET /api/health — no API key required.