Shield SDKProvider Wrappers
Groq Provider
Wrap your Groq client with Shield protection for automatic prompt hardening, injection detection, and output sanitization.
Groq Provider
The shieldGroq wrapper adds transparent security to your existing Groq client. It intercepts every chat.completions.create call to harden system prompts, detect injections in user messages, and sanitize leaked content from responses.
Usage
import Groq from "groq-sdk";
import { shieldGroq } from "@zeroleaks/shield/groq";
const client = shieldGroq(new Groq(), {
systemPrompt: "You are a support agent...",
});
const response = await client.chat.completions.create({
model: "llama-3.3-70b-versatile",
messages: [
{ role: "system", content: "You are a support agent..." },
{ role: "user", content: userInput },
],
});How It Works
On every call to chat.completions.create, Shield:
- Clones the messages array (never mutates your original objects)
- Hardens any
systemmessage with security rules (unlessharden: false) - Scans every
usermessage for injection patterns (unlessdetect: false) - Calls the original Groq API
- Sanitizes the response text for leaked system prompt fragments (unless
sanitize: false)
Options
| Option | Type | Default | Description |
|---|---|---|---|
systemPrompt | string | — | The system prompt to protect (used for output sanitization) |
harden | HardenOptions | false | {} | Hardening options, or false to disable |
detect | DetectOptions | false | {} | Detection options, or false to disable |
sanitize | SanitizeOptions | false | {} | Sanitization options, or false to disable |
streamingSanitize | "buffer" | "chunked" | "passthrough" | "buffer" | "buffer": full buffer. "chunked": 8KB chunks. "passthrough": skip sanitization. |
streamingChunkSize | number | 8192 | Chunk size for "chunked" mode |
throwOnLeak | boolean | false | When true, throw LeakDetectedError instead of redacting |
onDetection | "block" | "warn" | "block" | "block" throws an error, "warn" calls the callback only |
onInjectionDetected | (result) => void | — | Callback when injection is detected |
onLeakDetected | (result) => void | — | Callback when output leak is detected |
Multi-part Messages
Groq supports content as string | ContentPart[] (e.g. text + images). Shield extracts text from all parts for injection detection and hardening.
Streaming
Use streamingSanitize: "chunked" for long streams to limit memory (~8KB at a time). Use "passthrough" to skip sanitization when you accept the risk.