Parameters
Your original tool handler, exactly as you’d pass to
server.registerTool.Configuration for the wrapper.
SafetyCheckOptions
Name of the parameter on the handler input to validate. Only string values
are checked — non-string values are ignored.
When
true, prints a 🚨 Safety Check Alert: ... line to stdout when
content is flagged. Useful for local debugging. Defaults to false.Reserved for a future override of the safety endpoint. Currently the wrapper
always calls
https://api.sedata-ai.tech/security/safety-check.Returns
A new handler with the same signature. Internally:- Reads
params[options.parameterName]. - If it’s a string, calls
checkSafety(value)and writes the result toparams._safetyCheckso the instrumentation layer can attachmcp.safety_check.*attributes. - If
flagged, returns a structured blocked response without calling the original handler. - Otherwise calls the original handler with
params.
Blocked response
structuredContent.summary field is what most tools surface to the
caller. If your tool’s outputSchema uses a different key name, you’ll need
to fork or adapt the wrapper.
Example
Authentication
The wrapper uses the API key set duringinstrumentServer(...). Both
exporterAuth.apiKey and exporterAuth.token are forwarded as the
x-api-key header.
To override:
Failure modes
| Failure | Behavior |
|---|---|
| Network error | Logged. Handler runs. _safetyCheck.success = false. |
| Non-200 from safety API | Logged. Handler runs. _safetyCheck.success = false. |
parameterName not a string or missing | Handler runs without check. |
Span attributes added
When the wrapper runs, the active tool span receives:| Attribute | Type |
|---|---|
mcp.safety_check.content | string |
mcp.safety_check.flagged | boolean |
mcp.safety_check.latency_ms | number |
mcp.safety_check.success | boolean |
See also
checkSafety
The lower-level function that talks to the safety API.
Safety checks concept
What it means and when to use it.