Claude Agent SDK

The Claude Agent SDK lets you build agentic applications on top of the same runtime that powers Claude Code. Glitch covers Agent SDK traffic with zero additional configuration because the SDK delegates to the Claude Code binary, which honors the same ANTHROPIC_BASE_URL redirect Claude Code uses.

How the SDK reaches the API

Both claude-agent-sdk (Python) and @anthropic-ai/claude-agent-sdk (TypeScript) are thin wrappers around the Claude Code binary — the TypeScript package even bundles a native Claude Code as a dependency. Your code never speaks to api.anthropic.com directly.

flowchart TD
    A["<b>Your code</b><br/><br/>claude-agent-sdk (Python or TS)"]
    B["<b>Claude Code binary</b><br/><br/>spawned subprocess<br/>reads ANTHROPIC_BASE_URL + auth env"]
    C["<b>Glitch sensor</b><br/><br/>tenant auth → detection → forward"]
    D["<b>api.anthropic.com</b>"]

    A --> B
    B --> C
    C --> D

    style A fill:#1a1a2e,stroke:#00d4ff,color:#fff
    style B fill:#1a1a2e,stroke:#00d4ff,color:#fff
    style C fill:#0d3d4d,stroke:#00d4ff,color:#fff
    style D fill:#1a1a2e,stroke:#00d4ff,color:#fff

The practical consequence: anything that works for Claude Code works for the Agent SDK. The on-the-wire surface is the same /v1/messages endpoint, with the same headers, and the same Glitch detection pipeline runs on every request.

Setup

You need three environment variables — identical to the Claude Code API-key setup:

# Where the Claude Code binary sends requests
export ANTHROPIC_BASE_URL="https://your-glitch-sensor.example.com"

# Your Anthropic API key, forwarded verbatim by Glitch to upstream
export ANTHROPIC_API_KEY="sk-ant-..."

# Glitch tenant auth — the SDK passes this through Claude Code into request headers
export ANTHROPIC_CUSTOM_HEADERS="X-Glitch-Key: glitch_sk_..."

If your team uses Claude Pro/Max subscription auth instead of an API key, follow the Max subscription guide — the OAuth bearer flows through identically.

Per-project config

For long-running services, set these in your process manager (systemd, k8s env, Docker --env-file) rather than shell profiles. The SDK reads them once when it spawns the Claude Code subprocess.

Quick start

Python

pip install claude-agent-sdk

from claude_agent_sdk import query

# Environment variables above are picked up automatically.
# Every prompt goes through Glitch detection before reaching Anthropic.
async for message in query(prompt="Summarize the key risks in this changelog: ..."):
    print(message)

For multi-turn or tool-using agents, see the ClaudeSDKClient docs.

TypeScript

npm install @anthropic-ai/claude-agent-sdk

import { query } from "@anthropic-ai/claude-agent-sdk";

// Environment variables above are picked up automatically.
for await (const message of query({
  prompt: "Summarize the key risks in this changelog: ...",
})) {
  console.log(message);
}

For programmatic config (custom system prompt, tool restrictions), pass an options object. See the TypeScript reference.

Verify the round-trip

The fastest way to confirm Glitch is in the path is to send a deterministic prompt and inspect the audit log:

1. Run a one-shot prompt:

   import asyncio
   from claude_agent_sdk import query
   
   async def main():
       async for m in query(prompt="Print exactly the word: routed"):
           print(m)
   
   asyncio.run(main())

2. Open the Glitch dashboard, filter Logs by request path /v1/messages. You should see a fresh event with the system prompt the Agent SDK injected and your user message.

3. Group events by X-Claude-Code-Session-Id to reconstruct multi-turn agent runs across the Agent SDK’s spawned subprocess lifecycle.

What detection sees

The Agent SDK uses the full Anthropic content-block format (tool_use, tool_result, document, thinking, server-side tools like web_search_tool_result). Glitch’s detection pipeline mines text from all of these surfaces — including indirect-injection vectors that ride in tool results.

Block type	Detection coverage
text	Full text matched
tool_use	Tool name + JSON-encoded input
tool_result	Recursive — text inside content arrays is mined for nested injections
document (PDF)	Inline plaintext source + title + context fields
thinking	Full thinking content (visible to detectors)
image	No OCR — detection sees no text from images
Server-tool blocks (web_search_tool_result, code_execution_tool_result)	Any string field recursively mined

This means an agent that fetches a webpage, includes its content as a tool_result, and asks Claude to summarize it will have that webpage content scanned by Glitch’s detectors — catching prompt-injection content embedded in third-party pages before it influences the agent’s next turn.

Cloud routing (Bedrock / Vertex / Foundry)

The Agent SDK inherits Claude Code’s cloud-routing env vars: CLAUDE_CODE_USE_BEDROCK=1, CLAUDE_CODE_USE_VERTEX=1, CLAUDE_CODE_USE_FOUNDRY=1. These bypass ANTHROPIC_BASE_URL and route directly to the cloud provider’s Anthropic endpoint, so Glitch is not in the path. If you need detection on cloud-routed traffic, contact us — sensor support for Bedrock/Vertex egress is on the roadmap.

Troubleshooting

The Agent SDK errors and Claude Code errors are the same. Hit a 401 or 403 from Glitch? See:

• API-key troubleshooting
• Max-subscription troubleshooting

If the SDK can’t find Claude Code at all (Error: Claude Code binary not found), reinstall:

Python

# Bundled binary lives inside the package; reinstall to repair
pip install --force-reinstall claude-agent-sdk

TypeScript

# The native binary is an optional dep — make sure your install resolved it
npm install --include=optional @anthropic-ai/claude-agent-sdk

Related

Claude Code with API key

The base setup the Agent SDK inherits.

→ API-key path

Claude Code with Max subscription

OAuth flow for personal Pro/Max accounts.

→ Max-subscription path

Anthropic API Reference

Full endpoint surface Glitch covers — Messages, Models, Batches.

→ API reference