DocumentationAgent Action Firewall
GitHub

Claude Integration

Integrate Agent Action Firewall with Anthropic's Claude for secure AI agent operations.

Overview

When using Claude for agentic tasks (tool use, function calling), the firewall ensures all actions are evaluated against your security policies before execution.

Integration Patterns

Tool Use Wrapper

Wrap Claude's tool execution with firewall validation:

TypeScript
import Anthropic from '@anthropic-ai/sdk';
import { AgentFirewallClient } from '@agent-action-firewall/sdk';

const anthropic = new Anthropic();
const firewall = new AgentFirewallClient({
  baseUrl: process.env.AGENT_FIREWALL_BASE_URL!,
  apiKey: process.env.AGENT_FIREWALL_API_KEY!,
  agentId: 'claude-agent',
});

// Define tools with firewall protection
const tools = [
  {
    name: 'http_request',
    description: 'Make an HTTP request',
    input_schema: {
      type: 'object',
      properties: {
        url: { type: 'string' },
        method: { type: 'string' },
        body: { type: 'object' },
      },
      required: ['url', 'method'],
    },
  },
];

async function executeToolWithFirewall(toolName: string, input: unknown) {
  // Submit to firewall for policy evaluation
  const response = await firewall.submitAction({
    tool: toolName,
    operation: (input as { method?: string }).method || 'GET',
    params: input as Record<string, unknown>,
  });

  if (response.status === 'denied') {
    return { error: 'Action denied by security policy' };
  }

  if (response.status === 'pending_approval') {
    const approved = await firewall.waitForApproval(response.id);
    if (approved.status !== 'allowed') {
      return { error: 'Action not approved' };
    }
  }

  // Execute the actual tool
  return executeHttpRequest(input);
}

async function runAgent(userMessage: string) {
  const response = await anthropic.messages.create({
    model: 'claude-sonnet-4-20250514',
    max_tokens: 1024,
    tools,
    messages: [{ role: 'user', content: userMessage }],
  });

  // Handle tool use
  for (const block of response.content) {
    if (block.type === 'tool_use') {
      const result = await executeToolWithFirewall(block.name, block.input);
      // Continue conversation with tool result...
    }
  }
}

Best Practices

Agent Identification

Use descriptive agent IDs to identify Claude instances in audit logs:

TypeScript
const firewall = new AgentFirewallClient({
  agentId: 'claude-customer-service-v2',  // Descriptive name
  // ...
});

Tool Categorization

Categorize tools by risk level for appropriate policy handling:

  • Low risk: Read operations, data retrieval
  • Medium risk: Data modifications, API calls
  • High risk: Financial operations, deletions
  • Critical: Admin operations, irreversible actions

Example: Customer Service Agent

TypeScript
// Customer service agent with firewall protection
async function handleCustomerRequest(customerId: string, request: string) {
  const response = await anthropic.messages.create({
    model: 'claude-sonnet-4-20250514',
    max_tokens: 1024,
    system: `You are a customer service agent.
             You can look up orders, update addresses, and process refunds.
             All actions are logged and may require approval.`,
    tools: [
      { name: 'lookup_order', ... },
      { name: 'update_address', ... },
      { name: 'process_refund', ... },
    ],
    messages: [{ role: 'user', content: request }],
  });

  // Process with firewall validation
  for (const block of response.content) {
    if (block.type === 'tool_use') {
      const result = await executeToolWithFirewall(block.name, {
        ...block.input,
        customerId, // Add context for policy evaluation
      });
    }
  }
}

Next Steps