@trustgateai/sdk 1.0.0

package/dist/middleware/vercel-ai.d.mts

@@ -0,0 +1,59 @@
+import { T as TrustGateConfig } from '../types-BxyYog9f.mjs';
+
+/**
+ * Vercel AI SDK middleware: swap the provider to TrustGate with one line.
+ *
+ * Use createOpenAI from @openai/api or the AI SDK's OpenAI provider, and point
+ * baseURL to your TrustGate gateway. This ensures all LLM calls go through
+ * TrustGate with workflow context for Shadow AI detection.
+ *
+ * Example:
+ *
+ *   import { createOpenAI } from '@ai-sdk/openai';
+ *   import { createTrustGateOpenAI } from 'trustgate-node/middleware/vercel-ai';
+ *
+ *   const openai = createTrustGateOpenAI({
+ *     baseUrl: process.env.TRUSTGATE_BASE_URL!,
+ *     apiKey: process.env.TRUSTGATE_API_KEY,
+ *   });
+ *
+ *   // Then use `openai` with streamText() as usual — requests go through TrustGate.
+ *   const result = streamText({ model: openai('gpt-4'), messages, ... });
+ */
+
+interface TrustGateOpenAIOptions extends TrustGateConfig {
+    /**
+     * Optional OpenAI-compatible API key (if your gateway expects it in addition to TrustGate key).
+     */
+    openaiApiKey?: string;
+}
+/**
+ * Returns extra headers (lowercase keys) to pass to the Vercel AI SDK OpenAI provider
+ * so that requests sent to TrustGate include workflow context and x-trustgate-source-tool
+ * JSON for Shadow AI detection. Use with createOpenAI({ baseURL, headers: getTrustGateHeaders() }).
+ */
+declare function getTrustGateHeaders(workflowContext?: TrustGateConfig["workflowContext"]): Record<string, string>;
+/**
+ * Creates options suitable for the Vercel AI SDK's OpenAI provider so that
+ * you can swap the provider to TrustGate in one line.
+ *
+ * Usage with AI SDK 3.x:
+ *
+ *   import { createOpenAI } from '@ai-sdk/openai';
+ *   import { createTrustGateOpenAIOptions } from 'trustgate-node/middleware/vercel-ai';
+ *
+ *   const openaiOptions = createTrustGateOpenAIOptions({
+ *     baseUrl: process.env.TRUSTGATE_BASE_URL!,
+ *     apiKey: process.env.TRUSTGATE_API_KEY,
+ *   });
+ *
+ *   const openai = createOpenAI(openaiOptions);
+ *   // use openai('gpt-4') with streamText()
+ */
+declare function createTrustGateOpenAIOptions(options: TrustGateOpenAIOptions): {
+    baseURL: string;
+    apiKey?: string;
+    headers?: Record<string, string>;
+};
+
+export { type TrustGateOpenAIOptions, createTrustGateOpenAIOptions, getTrustGateHeaders };

package/dist/middleware/vercel-ai.d.ts

@@ -0,0 +1,59 @@
+import { T as TrustGateConfig } from '../types-BxyYog9f.js';
+
+/**
+ * Vercel AI SDK middleware: swap the provider to TrustGate with one line.
+ *
+ * Use createOpenAI from @openai/api or the AI SDK's OpenAI provider, and point
+ * baseURL to your TrustGate gateway. This ensures all LLM calls go through
+ * TrustGate with workflow context for Shadow AI detection.
+ *
+ * Example:
+ *
+ *   import { createOpenAI } from '@ai-sdk/openai';
+ *   import { createTrustGateOpenAI } from 'trustgate-node/middleware/vercel-ai';
+ *
+ *   const openai = createTrustGateOpenAI({
+ *     baseUrl: process.env.TRUSTGATE_BASE_URL!,
+ *     apiKey: process.env.TRUSTGATE_API_KEY,
+ *   });
+ *
+ *   // Then use `openai` with streamText() as usual — requests go through TrustGate.
+ *   const result = streamText({ model: openai('gpt-4'), messages, ... });
+ */
+
+interface TrustGateOpenAIOptions extends TrustGateConfig {
+    /**
+     * Optional OpenAI-compatible API key (if your gateway expects it in addition to TrustGate key).
+     */
+    openaiApiKey?: string;
+}
+/**
+ * Returns extra headers (lowercase keys) to pass to the Vercel AI SDK OpenAI provider
+ * so that requests sent to TrustGate include workflow context and x-trustgate-source-tool
+ * JSON for Shadow AI detection. Use with createOpenAI({ baseURL, headers: getTrustGateHeaders() }).
+ */
+declare function getTrustGateHeaders(workflowContext?: TrustGateConfig["workflowContext"]): Record<string, string>;
+/**
+ * Creates options suitable for the Vercel AI SDK's OpenAI provider so that
+ * you can swap the provider to TrustGate in one line.
+ *
+ * Usage with AI SDK 3.x:
+ *
+ *   import { createOpenAI } from '@ai-sdk/openai';
+ *   import { createTrustGateOpenAIOptions } from 'trustgate-node/middleware/vercel-ai';
+ *
+ *   const openaiOptions = createTrustGateOpenAIOptions({
+ *     baseUrl: process.env.TRUSTGATE_BASE_URL!,
+ *     apiKey: process.env.TRUSTGATE_API_KEY,
+ *   });
+ *
+ *   const openai = createOpenAI(openaiOptions);
+ *   // use openai('gpt-4') with streamText()
+ */
+declare function createTrustGateOpenAIOptions(options: TrustGateOpenAIOptions): {
+    baseURL: string;
+    apiKey?: string;
+    headers?: Record<string, string>;
+};
+
+export { type TrustGateOpenAIOptions, createTrustGateOpenAIOptions, getTrustGateHeaders };

package/dist/middleware/vercel-ai.js

@@ -0,0 +1,158 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/middleware/vercel-ai.ts
+var vercel_ai_exports = {};
+__export(vercel_ai_exports, {
+  createTrustGateOpenAIOptions: () => createTrustGateOpenAIOptions,
+  getTrustGateHeaders: () => getTrustGateHeaders
+});
+module.exports = __toCommonJS(vercel_ai_exports);
+
+// src/version.ts
+var SDK_VERSION = "1.0.0";
+
+// src/context.ts
+var HEADER_PREFIX = "x-trustgate";
+var SOURCE_TOOL_HEADER = "x-trustgate-source-tool";
+var N8N_KEYS = [
+  "N8N_WORKFLOW_ID",
+  "N8N_EXECUTION_ID",
+  "N8N_WORKFLOW_NAME",
+  "N8N_EXECUTION_MODE"
+];
+var VERCEL_KEYS = [
+  "VERCEL",
+  "VERCEL_ENV",
+  "VERCEL_URL",
+  "VERCEL_GIT_COMMIT_REF",
+  "VERCEL_GIT_REPO_ID",
+  "VERCEL_GIT_COMMIT_SHA"
+];
+var GITHUB_KEYS = [
+  "GITHUB_ACTION",
+  "GITHUB_ACTIONS",
+  "GITHUB_WORKFLOW",
+  "GITHUB_RUN_ID",
+  "GITHUB_RUN_NUMBER",
+  "GITHUB_REPOSITORY",
+  "GITHUB_SHA"
+];
+function pickEnv(keys) {
+  const out = {};
+  for (const key of keys) {
+    const v = process.env[key];
+    if (v !== void 0 && v !== "") out[key] = v;
+  }
+  return out;
+}
+function getBaseMetadata() {
+  return {
+    sdk_version: SDK_VERSION,
+    node_version: process.version,
+    os: process.platform,
+    arch: process.arch
+  };
+}
+function getWorkflowContextFromEnv() {
+  const baseMeta = getBaseMetadata();
+  const n8n = pickEnv(N8N_KEYS);
+  if (Object.keys(n8n).length > 0) {
+    return {
+      source: "n8n",
+      workflow_id: n8n.N8N_WORKFLOW_ID,
+      execution_id: n8n.N8N_EXECUTION_ID,
+      metadata: { ...baseMeta, ...n8n }
+    };
+  }
+  const vercel = pickEnv(VERCEL_KEYS);
+  if (Object.keys(vercel).length > 0) {
+    return {
+      source: "vercel",
+      workflow_id: vercel.VERCEL_GIT_REPO_ID || vercel.VERCEL_URL,
+      execution_id: vercel.VERCEL_GIT_COMMIT_SHA,
+      metadata: { ...baseMeta, ...vercel }
+    };
+  }
+  const github = pickEnv(GITHUB_KEYS);
+  if (Object.keys(github).length > 0) {
+    return {
+      source: "github",
+      workflow_id: github.GITHUB_WORKFLOW || github.GITHUB_REPOSITORY,
+      execution_id: github.GITHUB_RUN_ID || github.GITHUB_RUN_NUMBER,
+      metadata: { ...baseMeta, ...github }
+    };
+  }
+  return {
+    source: "local_script",
+    metadata: baseMeta
+  };
+}
+function buildSourceToolJson(ctx) {
+  const meta = ctx.metadata ?? getBaseMetadata();
+  const payload = {
+    source: ctx.source,
+    metadata: meta
+  };
+  if (ctx.workflow_id !== void 0) payload.workflow_id = ctx.workflow_id;
+  if (ctx.execution_id !== void 0) payload.execution_id = ctx.execution_id;
+  if (ctx.workflow_step !== void 0) payload.workflow_step = ctx.workflow_step;
+  return JSON.stringify(payload);
+}
+function buildContextHeaders(ctx) {
+  const meta = ctx.metadata ?? getBaseMetadata();
+  const h = {
+    [SOURCE_TOOL_HEADER]: buildSourceToolJson({ ...ctx, metadata: meta }),
+    [`${HEADER_PREFIX}-source`]: ctx.source
+  };
+  if (ctx.workflow_id) h[`${HEADER_PREFIX}-workflow-id`] = ctx.workflow_id;
+  if (ctx.execution_id) h[`${HEADER_PREFIX}-execution-id`] = ctx.execution_id;
+  if (ctx.workflow_step) h[`${HEADER_PREFIX}-workflow-step`] = ctx.workflow_step;
+  for (const [k, v] of Object.entries(meta)) {
+    if (v) h[`${HEADER_PREFIX}-meta-${k.toLowerCase()}`] = String(v);
+  }
+  return h;
+}
+
+// src/middleware/vercel-ai.ts
+function getTrustGateHeaders(workflowContext) {
+  const ctx = workflowContext ?? getWorkflowContextFromEnv();
+  return buildContextHeaders(ctx);
+}
+function createTrustGateOpenAIOptions(options) {
+  const baseUrl = options.baseUrl.replace(/\/$/, "");
+  const headers = {
+    ...options.headers,
+    ...getTrustGateHeaders(options.workflowContext)
+  };
+  if (options.apiKey) {
+    headers["authorization"] = `Bearer ${options.apiKey}`;
+    headers["x-api-key"] = options.apiKey;
+  }
+  return {
+    baseURL: baseUrl,
+    apiKey: options.openaiApiKey ?? options.apiKey,
+    headers: Object.keys(headers).length ? headers : void 0
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createTrustGateOpenAIOptions,
+  getTrustGateHeaders
+});

package/dist/middleware/vercel-ai.mjs

@@ -0,0 +1,9 @@
+import {
+  createTrustGateOpenAIOptions,
+  getTrustGateHeaders
+} from "../chunk-UUGIIO3Q.mjs";
+import "../chunk-SV5FTXAH.mjs";
+export {
+  createTrustGateOpenAIOptions,
+  getTrustGateHeaders
+};

package/dist/types-BxyYog9f.d.mts

@@ -0,0 +1,69 @@
+/**
+ * Runtime metadata included in every context for parity with the Python SDK.
+ * Sent in x-trustgate-source-tool and in x-trustgate-meta-* headers.
+ */
+interface RuntimeMetadata {
+    /** SDK version (e.g. "1.0.0"). */
+    sdk_version: string;
+    /** Node.js version (e.g. "v20.1.0"). */
+    node_version: string;
+    /** Operating system platform (process.platform, e.g. "win32", "darwin", "linux"). */
+    os: string;
+    /** CPU architecture (process.arch, e.g. "x64", "arm64"). */
+    arch: string;
+    [key: string]: string;
+}
+/**
+ * Workflow/source metadata for Shadow AI detection and observability.
+ * Populated from n8n, Vercel, GitHub Actions, or default "local_script".
+ * Metadata always includes sdk_version, node_version, os, arch for Python parity.
+ */
+interface WorkflowContext {
+    /** Source: "n8n" | "vercel" | "github" | "local_script" | "custom". Never null. */
+    source: string;
+    /** Workflow or execution identifier */
+    workflow_id?: string;
+    /** Execution or run ID */
+    execution_id?: string;
+    /** Step identifier; key for generating Gantt chart bars in the Agent Intelligence dashboard. */
+    workflow_step?: string;
+    /** Runtime + environment metadata. When omitted, SDK fills sdk_version, node_version, os, arch. */
+    metadata?: RuntimeMetadata;
+}
+/**
+ * TrustGate client configuration.
+ */
+interface TrustGateConfig {
+    /** TrustGate gateway base URL (e.g. https://gateway.example.com) */
+    baseUrl: string;
+    /** API key for gateway authentication (if required) */
+    apiKey?: string;
+    /** Override workflow context; if not set, context is derived from process.env (never null). */
+    workflowContext?: WorkflowContext;
+    /** Extra headers sent with every request */
+    headers?: Record<string, string>;
+}
+/**
+ * Options for a single request (merge with client config).
+ */
+interface RequestOptions {
+    /** Override workflow context for this request only */
+    workflowContext?: WorkflowContext;
+    /** Additional headers for this request */
+    headers?: Record<string, string>;
+    /** Request timeout in ms */
+    timeout?: number;
+}
+/**
+ * Pre-formatted headers for n8n HTTP Request node (name/value pairs).
+ */
+interface N8nHeaderSnippet {
+    headers: Array<{
+        name: string;
+        value: string;
+    }>;
+    /** JSON string suitable for pasting into n8n */
+    json: string;
+}
+
+export type { N8nHeaderSnippet as N, RequestOptions as R, TrustGateConfig as T, WorkflowContext as W, RuntimeMetadata as a };

package/dist/types-BxyYog9f.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Runtime metadata included in every context for parity with the Python SDK.
+ * Sent in x-trustgate-source-tool and in x-trustgate-meta-* headers.
+ */
+interface RuntimeMetadata {
+    /** SDK version (e.g. "1.0.0"). */
+    sdk_version: string;
+    /** Node.js version (e.g. "v20.1.0"). */
+    node_version: string;
+    /** Operating system platform (process.platform, e.g. "win32", "darwin", "linux"). */
+    os: string;
+    /** CPU architecture (process.arch, e.g. "x64", "arm64"). */
+    arch: string;
+    [key: string]: string;
+}
+/**
+ * Workflow/source metadata for Shadow AI detection and observability.
+ * Populated from n8n, Vercel, GitHub Actions, or default "local_script".
+ * Metadata always includes sdk_version, node_version, os, arch for Python parity.
+ */
+interface WorkflowContext {
+    /** Source: "n8n" | "vercel" | "github" | "local_script" | "custom". Never null. */
+    source: string;
+    /** Workflow or execution identifier */
+    workflow_id?: string;
+    /** Execution or run ID */
+    execution_id?: string;
+    /** Step identifier; key for generating Gantt chart bars in the Agent Intelligence dashboard. */
+    workflow_step?: string;
+    /** Runtime + environment metadata. When omitted, SDK fills sdk_version, node_version, os, arch. */
+    metadata?: RuntimeMetadata;
+}
+/**
+ * TrustGate client configuration.
+ */
+interface TrustGateConfig {
+    /** TrustGate gateway base URL (e.g. https://gateway.example.com) */
+    baseUrl: string;
+    /** API key for gateway authentication (if required) */
+    apiKey?: string;
+    /** Override workflow context; if not set, context is derived from process.env (never null). */
+    workflowContext?: WorkflowContext;
+    /** Extra headers sent with every request */
+    headers?: Record<string, string>;
+}
+/**
+ * Options for a single request (merge with client config).
+ */
+interface RequestOptions {
+    /** Override workflow context for this request only */
+    workflowContext?: WorkflowContext;
+    /** Additional headers for this request */
+    headers?: Record<string, string>;
+    /** Request timeout in ms */
+    timeout?: number;
+}
+/**
+ * Pre-formatted headers for n8n HTTP Request node (name/value pairs).
+ */
+interface N8nHeaderSnippet {
+    headers: Array<{
+        name: string;
+        value: string;
+    }>;
+    /** JSON string suitable for pasting into n8n */
+    json: string;
+}
+
+export type { N8nHeaderSnippet as N, RequestOptions as R, TrustGateConfig as T, WorkflowContext as W, RuntimeMetadata as a };

package/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "@trustgateai/sdk",
+  "version": "1.0.0",
+  "description": "TrustGate Node.js SDK with Shadow AI detection and workflow context",
+  "main": "dist/index.js",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    },
+    "./middleware/vercel-ai": {
+      "types": "./dist/middleware/vercel-ai.d.ts",
+      "import": "./dist/middleware/vercel-ai.mjs",
+      "require": "./dist/middleware/vercel-ai.js"
+    },
+    "./middleware/langchain": {
+      "types": "./dist/middleware/langchain.d.ts",
+      "import": "./dist/middleware/langchain.mjs",
+      "require": "./dist/middleware/langchain.js"
+    }
+  },
+  "scripts": {
+    "build": "tsup src/index.ts src/middleware/vercel-ai.ts src/middleware/langchain.ts --format cjs,esm --dts --clean",
+    "dev": "tsup src/index.ts src/middleware/vercel-ai.ts src/middleware/langchain.ts --format cjs,esm --dts --watch"
+  },
+  "keywords": [
+    "trustgate",
+    "neuraltrust",
+    "shadow-ai",
+    "ai-gateway",
+    "n8n",
+    "vercel",
+    "langchain"
+  ],
+  "author": "",
+  "license": "MIT",
+  "devDependencies": {
+    "@types/node": "^20.10.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.3.0"
+  },
+  "peerDependencies": {
+    "ai": "^3.0.0",
+    "@langchain/openai": "^0.2.0"
+  },
+  "peerDependenciesMeta": {
+    "ai": { "optional": true },
+    "@langchain/openai": { "optional": true }
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}

package/src/client.ts

@@ -0,0 +1,125 @@
+import type { TrustGateConfig, RequestOptions, WorkflowContext } from "./types.js";
+import { getWorkflowContextFromEnv, buildContextHeaders } from "./context.js";
+
+function resolveContext(config: TrustGateConfig, options?: RequestOptions): WorkflowContext {
+  return (
+    options?.workflowContext ??
+    config.workflowContext ??
+    getWorkflowContextFromEnv()
+  );
+}
+
+function mergeHeaders(
+  config: TrustGateConfig,
+  options?: RequestOptions,
+  context?: WorkflowContext
+): Record<string, string> {
+  const out: Record<string, string> = {
+    "content-type": "application/json",
+    ...config.headers,
+    ...options?.headers,
+  };
+  if (config.apiKey) {
+    out["authorization"] = `Bearer ${config.apiKey}`;
+    out["x-api-key"] = config.apiKey;
+  }
+  if (context) {
+    Object.assign(out, buildContextHeaders(context));
+  }
+  return out;
+}
+
+/**
+ * TrustGate Node.js client. Forwards requests to the TrustGate gateway with
+ * workflow context for Shadow AI detection and observability.
+ *
+ * Context is sent in lowercase headers (e.g. x-trustgate-source) and as JSON
+ * in x-trustgate-source-tool for parity with the Python SDK. The `workflow_step`
+ * field in context is the key used to generate Gantt chart bars in the
+ * Agent Intelligence dashboard.
+ */
+export class TrustGate {
+  private readonly config: TrustGateConfig;
+
+  constructor(config: TrustGateConfig) {
+    const baseUrl = config.baseUrl.replace(/\/$/, "");
+    this.config = { ...config, baseUrl };
+  }
+
+  /** Base URL of the TrustGate gateway. */
+  get baseUrl(): string {
+    return this.config.baseUrl;
+  }
+
+  /**
+   * Get the current effective workflow context (from config override or process.env).
+   * Never null; defaults to source "local_script" when no managed env is detected.
+   */
+  getWorkflowContext(options?: RequestOptions): WorkflowContext {
+    return resolveContext(this.config, options);
+  }
+
+  /**
+   * Perform a non-streaming JSON request through TrustGate.
+   */
+  async fetch(path: string, init: RequestInit = {}, options?: RequestOptions): Promise<Response> {
+    const context = resolveContext(this.config, options);
+    const url = path.startsWith("http") ? path : `${this.config.baseUrl}/${path.replace(/^\//, "")}`;
+    const headers = mergeHeaders(this.config, options, context);
+    const timeout = options?.timeout ?? 60_000;
+
+    const controller = new AbortController();
+    const id = setTimeout(() => controller.abort(), timeout);
+    try {
+      const res = await fetch(url, {
+        ...init,
+        headers: { ...headers, ...(init.headers as Record<string, string>) },
+        signal: init.signal ?? controller.signal,
+      });
+      return res;
+    } finally {
+      clearTimeout(id);
+    }
+  }
+
+  /**
+   * Perform a streaming request (SSE). Forwards the response stream and ensures
+   * workflow_id (and other context) is sent in the initial request so the
+   * background task is attributed correctly. Set Accept: text/event-stream
+   * when calling for SSE endpoints.
+   */
+  async fetchStream(
+    path: string,
+    init: RequestInit = {},
+    options?: RequestOptions
+  ): Promise<Response> {
+    const context = resolveContext(this.config, options);
+    const url = path.startsWith("http") ? path : `${this.config.baseUrl}/${path.replace(/^\//, "")}`;
+    const headers = mergeHeaders(this.config, options, context);
+    const mergedHeaders = {
+      accept: "text/event-stream",
+      ...headers,
+      ...(init.headers as Record<string, string>),
+    };
+
+    const res = await fetch(url, {
+      ...init,
+      headers: mergedHeaders,
+      signal: init.signal,
+    });
+
+    if (!res.ok || !res.body) {
+      return res;
+    }
+
+    if (!res.headers.get("content-type")?.includes("text/event-stream")) {
+      return res;
+    }
+
+    return new Response(res.body, {
+      status: res.status,
+      statusText: res.statusText,
+      headers: res.headers,
+    });
+  }
+}