Skip to main content
The @vouch-ai/sdk package wires OpenLLMetry auto-instrumentation into every LLM client running in your Node.js process — OpenAI, Anthropic, LangChain, Bedrock, LlamaIndex, and more — and ships the resulting OpenTelemetry spans to your Trident project at app.usetrident.dev. PII redaction runs entirely inside your process before any trace data leaves, so emails, API keys, credit card numbers, and other sensitive values are scrubbed at the edge, never in transit.

Requirements

  • Node.js 20 or later (the SDK is published as native ESM)
  • npm, yarn, or pnpm

Install

npm install @vouch-ai/sdk

Set your environment variables

Open your project’s .env file (or your deployment platform’s secrets manager) and add the keys from your project’s Settings → API Keys page at app.usetrident.dev:
.env
TRIDENT_PROJECT_PUBLIC_KEY=pk-...
TRIDENT_PROJECT_SECRET_KEY=sk-...
The SDK also accepts the legacy VOUCH_PROJECT_PUBLIC_KEY / VOUCH_PROJECT_SECRET_KEY names for backwards compatibility.

Initialize Trident

Call trident.init() once, at the very top of your application entry point, before you import or instantiate any LLM client. Every LLM call made after init() is automatically traced. 
import { trident } from "@vouch-ai/sdk";

trident.init({
  projectPk: process.env.TRIDENT_PROJECT_PUBLIC_KEY,
  projectSk: process.env.TRIDENT_PROJECT_SECRET_KEY,
  agentId: "prod-rag-bot", // optional — scopes spans to a named agent
});
When projectPk and projectSk are omitted, init() reads them from TRIDENT_PROJECT_PUBLIC_KEY / TRIDENT_PROJECT_SECRET_KEY automatically, so the call can be reduced to a bare trident.init() if you prefer to keep credentials only in the environment.

All options

OptionTypeDefaultDescription
projectPkstringenvProject public key.
projectSkstringenvProject secret key.
agentIdstringenvLogical agent identifier shown in the dashboard. Reads TRIDENT_AGENT_ID.
agentUrlstringenv / sniffedPublic HTTP endpoint where the agent receives prompts, used by the Red Team page. Reads TRIDENT_AGENT_URL, then VOUCH_AGENT_URL. If not set the SDK sniffs the URL from platform env vars (Vercel, Fly, Render, Railway, Heroku, Koyeb, Cloudflare Workers, AWS App Runner) and falls back to observing http.Server.listen.
agentPathstring/Path the agent’s handler is mounted at (e.g. /api/chat). Reads TRIDENT_AGENT_PATH. Used when assembling a URL from a sniffed host.
sniffAgentUrlbooleantrueSet false to disable the http.Server.prototype.listen hook entirely.
endpointstringhttps://app.tryvouch.aiOverride the Trident host. Reads TRIDENT_ENDPOINT.
appNamestringagentIdOTel resource app name. Falls back to "vouch-app".
disableBatchbooleanfalseEmit each span immediately instead of batching. Useful for short-lived scripts.
redactPIIboolean | { rules?: PiiRule[] }trueEdge PII redaction. true uses the built-in rule set; pass { rules } for custom rules; false disables.
traceloopOptionsRecord<string, unknown>Extra options forwarded verbatim to the underlying Traceloop.init() call.

Full working example

The snippet below starts Trident tracing, then makes a standard OpenAI chat completion. The completion call is traced automatically — no wrapping or middleware required. 
import { trident } from "@vouch-ai/sdk";
import OpenAI from "openai";

// 1. Start tracing — do this before creating any LLM client.
trident.init({
  agentId: "my-chat-agent",
});

// 2. Create your LLM client exactly as you normally would.
const openai = new OpenAI(); // picks up OPENAI_API_KEY from env

// 3. Make LLM calls — tracing is automatic.
const response = await openai.chat.completions.create({
  model: "gpt-4o",
  messages: [{ role: "user", content: "Summarise the Trident docs in one sentence." }],
});

console.log(response.choices[0].message.content);

Zero-code option (no source changes)

If you want Trident traces without touching your source code, use the @vouch-ai/sdk/register module with Node’s --import flag. The module reads your credentials from environment variables and calls init() automatically before your application starts. 
TRIDENT_PROJECT_PUBLIC_KEY=pk-... \
TRIDENT_PROJECT_SECRET_KEY=sk-... \
TRIDENT_AGENT_ID=my-agent \
node --import @vouch-ai/sdk/register dist/server.js
The register module is a silent no-op if TRIDENT_PROJECT_PUBLIC_KEY or TRIDENT_PROJECT_SECRET_KEY are not set — it never throws and never breaks your app. In non-production environments it prints a warning to help you catch misconfigurations early.

Supported LLM frameworks

The SDK auto-instruments all of the following when they are loaded in the same process:

OpenAI

Anthropic

LangChain

CrewAI

LlamaIndex

Amazon Bedrock

Google VertexAI

Cohere

MCP (Model Context Protocol)

OpenAI Agents SDK

No code changes are required in your LLM client calls. Instrumentation attaches at the module level as soon as init() runs.
PII redaction is on by default. Before any span attribute leaves your process, the SDK scans it for and replaces the following patterns with [REDACTED_<TYPE>] tokens:
  • EMAIL — email addresses
  • CREDIT_CARD — card numbers (Luhn-validated to avoid false positives)
  • SSN — US Social Security Numbers (XXX-XX-XXXX)
  • AWS_KEY — AWS access key IDs (AKIA…, ASIA…)
  • JWT — JSON Web Tokens
  • API_KEY — API keys (sk-…, sk-ant-…)
  • IBAN — International Bank Account Numbers
  • IP — IPv4 addresses
  • PHONE — phone numbers
Pass redactPII: false to init() to disable, or redactPII: { rules: [...] } to supply your own rule set.

Next steps

TypeScript SDK API Reference

Explore the full API: trident.init(), trident.scan(), trident.selfReport(), and all configuration options.