Skip to main content
The Node SDK is the simplest way to put Inviolet in front of your LLM calls. It wraps your existing Anthropic or OpenAI client and adds intent extraction transparently.

Install

npm install @inviolet/sdk
Required Node version: 20+.

Wrap a client

import { InvioletGateway } from "@inviolet/sdk"
import Anthropic from "@anthropic-ai/sdk"

const inviolet = new InvioletGateway({
  apiKey: process.env.INVIOLET_API_KEY!,
  // Optional — defaults to https://gateway.inviolet.ai
  endpoint: process.env.INVIOLET_GATEWAY_URL,
})

const anthropic = inviolet.wrap(
  new Anthropic({ apiKey: process.env.ANTHROPIC_API_KEY! }),
)

// Use anthropic exactly as you would normally.
const message = await anthropic.messages.create({
  model: "claude-sonnet-4-5",
  max_tokens: 1024,
  messages: [{ role: "user", content: "Look up customer 12345's recent orders." }],
})
Every tool call inside the wrapped client now flows through Inviolet’s intent extractor. From the application’s perspective, nothing changes — it’s the same Anthropic SDK API.

Verify intent tokens

When Inviolet approves a call, the response includes the issued token in the metadata. Downstream code can verify it: 
import { verifyIntentToken } from "@inviolet/sdk"

async function readCustomer(token: string, customerId: string) {
  const claims = await verifyIntentToken(token)

  // Check the intention is what we expect
  if (claims.purp.id !== "customer_support_lookup") {
    throw new Error("wrong_intention")
  }

  // Check the column we want is in the approved set
  if (!claims.purp.elements.includes("customer.email")) {
    throw new Error("element_not_approved")
  }

  // Proceed with the database read
  return db.query("SELECT email FROM customers WHERE id = $1", [customerId])
}

Configuration

OptionDefaultDescription
apiKey(required)Your Inviolet API key
endpointhttps://gateway.inviolet.aiOverride for self-hosted gateways
timeout30000Request timeout in ms
retry{ retries: 2 }Retry config for transient failures
  • Python SDK for the Python equivalent
  • REST API if you’d rather hit the HTTP API directly