I Built an Open-Source Security Middleware for LLMs, Here's How It Works

Most AI apps connect directly to OpenAI with zero middleware. No PII filtering. No injection defense. No spend caps. User input goes straight to a third-party API, emails, phone numbers, API keys, all of it. I built ShieldStack TS to fix this. It's a TypeScript middleware layer that sits between your app and any LLM provider, intercepting every request and response with sub-2ms overhead. In this article, I'll walk through the architecture, show the code, and explain the trade-offs I made.