Agent Development
Build AI agents with built-in guardrails using the @waymakerai/aicofounder-agent-sdk package. Every agent runs user inputs and LLM outputs through a configurable pipeline of 7 interceptors: rate limiting, injection detection, PII protection, compliance enforcement, content filtering, cost tracking, and audit logging.
Creating a Guarded Agent
The createGuardedAgent function creates an agent with a full guard pipeline. Configure which interceptors to enable, then call agent.run() to process messages. The pipeline runs in this order: rate limit, injection, PII, compliance, content, cost, audit.
import { createGuardedAgent } from '@waymakerai/aicofounder-agent-sdk';
const agent = createGuardedAgent({
// Required: which model to use
model: 'claude-sonnet-4-20250514',
// Optional: system instructions for the agent
instructions: 'You are a helpful customer service agent for Acme Corp.',
// Configure guards (or pass true for sensible defaults)
guards: {
// PII Protection
pii: {
mode: 'redact', // 'detect' | 'redact' | 'block'
onDetection: 'redact', // What to do when PII is found
},
// Prompt Injection
injection: {
sensitivity: 'medium', // 'low' | 'medium' | 'high'
onDetection: 'block', // 'block' | 'warn'
},
// Compliance (industry-specific rules)
compliance: {
frameworks: ['hipaa', 'gdpr'],
},
// Content Filtering
contentFilter: true, // Enable toxicity detection
// Cost Tracking
cost: {
budgetPeriod: 'day',
warningThreshold: 0.8, // Warn at 80% of budget
},
// Audit Logging
audit: {
destination: 'file', // 'console' | 'file' | 'custom'
filePath: './audit.log',
tamperProof: true, // SHA-256 hash chain
events: ['request', 'response', 'violation', 'cost', 'error'],
},
// Rate Limiting
rateLimit: {
maxRequests: 100,
windowMs: 60_000, // 1 minute window
},
},
});
// Run the agent
const result = await agent.run('I need to update my billing address to 123 Main St');
console.log(result.output); // The AI response (PII redacted if found)
console.log(result.blocked); // false (unless a guard blocked it)
console.log(result.violations); // Any guard violations found
console.log(result.cost); // Cost of this request
console.log(result.tokensUsed); // { input: 150, output: 200 }
console.log(result.guardsApplied); // ['rate-limit', 'injection', 'pii', 'compliance', ...]Quick Setup: Pass guards: true
Passing guards: true enables all 7 interceptors with sensible defaults. This is the fastest way to get a fully guarded agent.
// Quick setup with all defaults:
// - PII: redact mode
// - Injection: medium sensitivity, block on detection
// - Cost: daily budget tracking with 80% warning
// - Content filter: enabled
// - Audit: console logging
// - Rate limit: 100 requests per minute
const agent = createGuardedAgent({
model: 'claude-sonnet-4-20250514',
guards: true,
});The 7 Interceptors
Each interceptor implements processInput() and processOutput(). They run in a fixed order on every request and response. Any interceptor can block the request, transform the text, or add warnings.
RateLimitInterceptor
Runs first to prevent abuse before any processing. Uses a sliding window to count requests. When the limit is exceeded, the request is blocked immediately with a "rate limit exceeded" violation.
rateLimit: {
maxRequests: 100, // Max requests per window
windowMs: 60_000, // Window in milliseconds
}InjectionInterceptor
Scans input text for 40+ prompt injection patterns across 8 attack categories (direct, system_leak, jailbreak, role_manipulation, delimiter, encoding, context_manipulation, multi_language). Computes a 0-100 injection score and blocks if it exceeds the sensitivity threshold.
injection: {
sensitivity: 'medium', // 'low' (70) | 'medium' (45) | 'high' (25)
onDetection: 'block', // 'block' | 'warn'
}PIIInterceptor
Detects 14+ PII types (email, SSN, credit card, phone, IP, DOB, address, medical records, passport, driver's license) on both input and output. Can detect, redact, or block. Redacted text replaces original before reaching the LLM.
pii: {
mode: 'redact', // 'detect' | 'redact' | 'block'
onDetection: 'redact', // Action when PII is found
}ComplianceInterceptor
Enforces industry-specific compliance rules on AI outputs. Supports HIPAA (no medical advice, PHI protection), SEC/FINRA (financial disclaimers, no investment advice), GDPR, CCPA, and custom rules. Can block, redact, replace, or append disclaimers.
compliance: {
frameworks: ['hipaa', 'gdpr', 'sec'],
// Or pass custom ComplianceRule[] array
}ContentInterceptor
Toxicity detection across 7 categories: profanity, hate speech, violence, self-harm, sexual content, harassment, and spam. Critical and high severity findings block by default.
contentFilter: true, // Or configure with specific categories and thresholds
CostInterceptor
Tracks token usage and estimated cost per request. Records spending against a per-period budget. When the budget is exceeded, it can block further requests or issue warnings.
cost: {
budgetPeriod: 'day', // 'hour' | 'day' | 'week' | 'month'
warningThreshold: 0.8, // Warn at 80% of budget
// Budget amount is tracked cumulatively
}AuditInterceptor
Logs every event (request, response, tool_call, violation, cost, error) with timestamps, model info, and violation details. Supports console, file, and custom destinations. Optional SHA-256 hash chaining for tamper-proof audit trails.
audit: {
destination: 'file', // 'console' | 'file' | 'custom'
filePath: './audit.log',
events: ['request', 'response', 'violation', 'cost', 'error'],
includePayload: false, // Include text (up to 1000 chars)
tamperProof: true, // SHA-256 hash chain
}Pre-built Agent Factories
Four factory functions create agents with industry-specific guard configurations. Each factory pre-configures the interceptors appropriate for its compliance domain.
HIPAA Healthcare Agent
createHIPAAAgent(config)Pre-configured for healthcare applications. Enables PII redaction (focusing on PHI: SSN, medical records, date of birth), HIPAA compliance rules (no medical advice, PHI protection), audit logging with tamper-proof hashing, and rate limiting.
import { createHIPAAAgent } from '@waymakerai/aicofounder-agent-sdk';
const agent = createHIPAAAgent({
model: 'claude-sonnet-4-20250514',
instructions: `You are a healthcare information assistant. You provide
general health education but never diagnose conditions or recommend treatments.
Always direct patients to consult their healthcare provider.`,
});
const result = await agent.run('What are the symptoms of diabetes?');
// Output includes health education without medical advice
// PHI is automatically redacted from inputs and outputs
// All interactions are audit-loggedFinancial Services Agent
createFinancialAgent(config)Pre-configured for financial applications. Enables SEC/FINRA compliance (financial disclaimers, no specific investment advice), cost controls with strict budget limits, PII protection for financial data, and comprehensive audit logging.
import { createFinancialAgent } from '@waymakerai/aicofounder-agent-sdk';
const agent = createFinancialAgent({
model: 'claude-sonnet-4-20250514',
instructions: `You provide general financial education and market analysis.
You never recommend specific investments or provide personalized advice.`,
});
const result = await agent.run('Tell me about index fund investing');
// Financial disclaimers automatically appended
// Specific buy/sell recommendations blockedGDPR Compliance Agent
createGDPRAgent(config)Pre-configured for EU data protection. Enables GDPR PII protection (email, phone, address, IP address redaction), data minimization, consent-aware processing, and audit logging for accountability.
import { createGDPRAgent } from '@waymakerai/aicofounder-agent-sdk';
const agent = createGDPRAgent({
model: 'claude-sonnet-4-20250514',
instructions: 'You are a customer support assistant operating under GDPR.',
});
const result = await agent.run('My email is hans@example.de, please look up my order');
// Email is redacted before reaching the LLM
// Output is checked for any PII leakageGeneral Safety Agent
createSafeAgent(config)Maximum protection for general-purpose applications. Enables all 7 interceptors: PII redaction, injection blocking (high sensitivity), toxicity filtering, content filtering, cost tracking, rate limiting (100 req/min), and audit logging.
import { createSafeAgent } from '@waymakerai/aicofounder-agent-sdk';
const agent = createSafeAgent({
model: 'claude-sonnet-4-20250514',
instructions: 'You are a helpful assistant.',
});
// Full protection out of the box
const result = await agent.run(userInput);
// Check the guard report
const report = agent.getGuardReport();
console.log(report.totalRequests);
console.log(report.injectionAttempts);
console.log(report.totalCost);Custom Guard Pipeline
For advanced use cases, build a custom pipeline with individual interceptors. This gives you full control over the order and configuration of each interceptor.
import {
GuardPipeline,
PIIInterceptor,
InjectionInterceptor,
CostInterceptor,
AuditInterceptor,
} from '@waymakerai/aicofounder-agent-sdk';
// Build a custom pipeline
const pipeline = new GuardPipeline();
// Add interceptors in your preferred order
pipeline.use(new InjectionInterceptor({ sensitivity: 'high', onDetection: 'block' }));
pipeline.use(new PIIInterceptor({ mode: 'redact', onDetection: 'redact' }));
pipeline.use(new CostInterceptor({ budgetPeriod: 'day', warningThreshold: 0.8 }));
pipeline.use(new AuditInterceptor({
destination: 'file',
filePath: './custom-audit.log',
tamperProof: true,
}));
// Process input
const inputResult = await pipeline.processInput(userMessage, { model: 'claude-sonnet-4-20250514' });
if (inputResult.blocked) {
console.log('Blocked:', inputResult.reason);
} else {
const safeInput = inputResult.transformed || userMessage;
// Send safeInput to your LLM
const aiResponse = await callYourLLM(safeInput);
// Process output
const outputResult = await pipeline.processOutput(aiResponse, { model: 'claude-sonnet-4-20250514' });
const finalOutput = outputResult.transformed || aiResponse;
}
// Get pipeline stats
console.log(pipeline.stats);
console.log(pipeline.getViolations());
console.log(pipeline.getInterceptorNames());Tool Authorization
Wrap individual tool definitions with guards using guardTool(). The tool's handler is intercepted so that tool inputs are checked before execution and tool outputs are checked after execution.
import { guardTool } from '@waymakerai/aicofounder-agent-sdk';
// Define a tool
const databaseTool = {
name: 'query_database',
description: 'Query the customer database',
parameters: {
sql: { type: 'string', description: 'SQL query to execute' },
},
handler: async ({ sql }) => {
return await db.query(sql);
},
};
// Wrap it with guards
const guardedTool = guardTool(databaseTool, {
pii: { mode: 'redact', onDetection: 'redact' },
injection: { sensitivity: 'high', onDetection: 'block' },
audit: { destination: 'file', filePath: './tool-audit.log' },
});
// The guarded tool will:
// 1. Check the SQL input for injection patterns
// 2. Check input/output for PII and redact
// 3. Log the tool call to the audit trailMulti-Agent Orchestration
The @waymakerai/aicofounder-agents package provides typed messaging, pub/sub channels, and request/response patterns for coordinating multiple agents. Each agent can have its own guard configuration.
import { createGuardedAgent } from '@waymakerai/aicofounder-agent-sdk';
import { createMessageBroker, createChannel, createRequestChannel } from '@waymakerai/aicofounder-agents';
// Create specialized agents with different guard configs
const triageAgent = createGuardedAgent({
model: 'claude-sonnet-4-20250514',
instructions: 'You classify incoming support requests by urgency and topic.',
guards: { pii: { mode: 'redact', onDetection: 'redact' }, injection: { sensitivity: 'high', onDetection: 'block' } },
});
const healthAgent = createGuardedAgent({
model: 'claude-sonnet-4-20250514',
instructions: 'You handle health-related support inquiries.',
guards: { pii: { mode: 'redact', onDetection: 'redact' }, compliance: { frameworks: ['hipaa'] } },
});
const financeAgent = createGuardedAgent({
model: 'claude-sonnet-4-20250514',
instructions: 'You handle billing and financial inquiries.',
guards: { pii: { mode: 'redact', onDetection: 'redact' }, compliance: { frameworks: ['sec'] } },
});
// Set up message broker for inter-agent communication
const broker = createMessageBroker({ deliveryGuarantee: 'at-least-once' });
// Create typed channels
const taskChannel = createChannel<{ query: string; topic: string; urgency: string }>({
name: 'support-tasks',
type: 'topic',
});
// Request/response channel for synchronous coordination
const classifyChannel = createRequestChannel<
{ query: string },
{ topic: string; urgency: string }
>({ name: 'classify', timeout: 5000 });
// Triage agent classifies requests
broker.registerHandler(classifyChannel, async (request) => {
const result = await triageAgent.run(
`Classify this support request: "${request.payload.query}". Return JSON: { "topic": "health"|"finance"|"general", "urgency": "low"|"medium"|"high" }`
);
return JSON.parse(result.output);
});
// Route to specialized agents
async function handleSupportRequest(query: string) {
// Step 1: Classify
const classification = await broker.request(classifyChannel, { query });
// Step 2: Route to the right agent
const agent = classification.topic === 'health' ? healthAgent
: classification.topic === 'finance' ? financeAgent
: triageAgent;
// Step 3: Run with appropriate guards
return await agent.run(query);
}Guard Reports and Cost Tracking
Every guarded agent tracks its activity. Use getGuardReport() for a real-time summary, or generate formatted reports for compliance audits.
import {
createGuardedAgent,
generateCostReport,
formatCostReport,
generateComplianceReport,
formatComplianceReport,
} from '@waymakerai/aicofounder-agent-sdk';
const agent = createGuardedAgent({
model: 'claude-sonnet-4-20250514',
guards: true,
});
// After running the agent multiple times...
await agent.run('First message');
await agent.run('Second message');
// Get the guard report
const report = agent.getGuardReport();
console.log(report.totalRequests); // 2
console.log(report.totalCost); // $0.003
console.log(report.ppiDetections); // 0
console.log(report.injectionAttempts); // 0
console.log(report.complianceViolations); // 0
console.log(report.contentFiltered); // 0
console.log(report.rateLimitHits); // 0
console.log(report.auditEvents); // 4 (2 requests + 2 responses)
// Generate formatted reports
const costData = generateCostReport(agent);
console.log(formatCostReport(costData));
// Outputs: per-model token usage, spending, and budget remaining
const complianceData = generateComplianceReport(agent);
console.log(formatComplianceReport(complianceData));
// Outputs: violations by framework, severity breakdownSupported Models
The agent-sdk uses the Anthropic SDK as an optional peer dependency for LLM calls. If the Anthropic SDK is not installed, the agent processes all guards and returns the guarded input ready for any LLM provider.