Docs / Quickstart

Quickstart: Wire TrustNode in Minutes

Install @trustnode/cli, run trustnode scan, and attach egress policies before traffic reaches external LLMs.

On this page

1. Install the CLI

Install the CLI globally, then run a scan from your project root.

bash
npm install -g @trustnode/cli

trustnode scan --path ./src

2. Configure trustnode.config.json

trustnode.config.json
{
  "masking": {
    "pii": true,
    "creditCard": true
  },
  "compliance": ["GDPR", "HIPAA"]
}

Define which entities to detect and mask before data leaves your environment. See all configuration options →

3. Verify your setup

Run a report scan to confirm policies are active and the egress boundary is armed.

bash
trustnode scan --path ./src --report

# ✓ 0 leaks · 3 policies active · egress boundary armed

Brand Guard (Dynamic Dictionary)

TrustNode operates with zero-latency. Inject your dynamic list of competitors or restricted terms directly from your database, bypassing the need for slow LLM checks.

javascript
import { maskPii } from '@trustnode/core';

// Fetch your dynamic list from a database (e.g., PostgreSQL/Redis)
const myCompanyCompetitors = ['AcmeCorp', 'Globex', 'Stark Industries'];

const { output } = maskPii("I think AcmeCorp has better pricing.", {
  brandGuard: {
    competitors: myCompanyCompetitors
  }
});

Competitor hits are rewritten to [COMPETITOR_MENTION_BLOCKED] before egress — no round-trip to an LLM required.

Tokenization & Vault (Re-identification)

Never lose your data. TrustNode's Token Vault replaces sensitive PII with context-aware tokens before hitting the LLM, and seamlessly restores the original data before presenting it back to the user.

javascript
import { maskPii, unmaskPii } from '@trustnode/core';

// 1. Initialize a secure in-memory vault
const vault = new Map();

// 2. Mask user input before sending to external LLMs
const userInput = "Contact jane@example.com about the new project.";
const masked = maskPii(userInput, { vault });
// masked.output -> "Contact [EMAIL_1] about the new project."

// 3. (Mock) LLM processes the safe text
const llmResponse = `I have drafted an email to ${masked.output}`;

// 4. Restore the original data before showing the user
const finalOutput = unmaskPii(llmResponse, vault);
// finalOutput -> "I have drafted an email to Contact jane@example.com about the new project."

Pass the same vault instance to maskPii and unmaskPii — tokens such as [EMAIL_1] round-trip while Brand Guard blocks never enter the vault.

Next steps

SDK Integration

Attach @trustnode/core in-process for native policy checks.

API Reference

Endpoints, auth, and masking policies for server workloads.

Compliance presets

GDPR, CCPA, HIPAA, and COPPA-ready masking out of the box.

CLI Reference

Every flag for trustnode scan, report, and policy commands.