The proxy module is only available in Node.js and Bun. It is not included in the browser build.
Supported Providers
Integration Methods
From simplest to most flexible:Wrap an SDK Client
The simplest approach — wrap your existing OpenAI or Anthropic client:Custom Fetch
Replace thefetch function used by any SDK:
Proxy Middleware
For framework integration (Hono, Bun.serve, etc.):Standalone Proxy Server
Start a proxy server with one function call:Streaming Support
All proxy methods support streaming (SSE) responses. PII is rehydrated in each streamed chunk:Streaming Internals
PII placeholders like<PII type="EMAIL" id="1"/> can span SSE chunk boundaries. The proxy buffers incomplete tags across chunks and only rehydrates once a complete tag is available, so streaming rehydration is reliable regardless of how the upstream chunks its response.
You can disable streaming rehydration if needed:
Passthrough Behavior
The proxy only intercepts POST requests withapplication/json content type. Everything else is forwarded unchanged:
- Non-POST requests (GET, OPTIONS, etc.) — passed through to upstream
- Non-JSON content types — passed through to upstream
- Non-JSON responses — passed through with original status code
Tool Call Handling
The proxy automatically anonymizes and rehydrates tool/function call arguments. If the LLM returns a tool call whose arguments contain PII placeholders, Rehydra rehydrates them before your code sees the result. This works for both non-streaming and streaming responses:Automated Tool Execution Loop
For server-side agentic workflows, the proxy can manage the full multi-round tool execution loop automatically. Provide anonToolCall callback and the proxy will:
- Rehydrate tool call arguments (so your function receives real PII values)
- Call your callback with the tool name and parsed arguments
- Anonymize the tool result before sending it back to the LLM
- Repeat until the LLM responds with no tool calls, or
maxToolRoundsis reached
PII System Instruction
When PII is detected in an outgoing request, the proxy automatically injects a system instruction telling the LLM to preserve PII placeholder tags in its response. This prevents the model from inventing replacement values. The instruction is injected as an OpenAI system message or an Anthropic system field, depending on the provider. You can customize this behavior with thesystemInstruction config option:
Session Management
UsegetSessionId to associate requests with sessions. This enables consistent entity IDs and cross-request rehydration:
Error Handling
When the proxy encounters an error, it returns a JSON response with the following shape:Next Steps
Streaming
Stream-level anonymization for chunked text
Proxy API Reference
Complete proxy API documentation