SDKs & Libraries

Integrate Netallion AI Assurance detection into your applications, CI/CD pipelines, and custom workflows with official SDKs.

Python

Available

# Install the detection engine

pip install netallion-detection

# With BPE tokenization support

pip install netallion-detection[bpe]

# With CLI tool

pip install netallion-detection[cli]

Scan Text for Secrets

from netallion_detection import DetectionEngine

engine = DetectionEngine(enable_bpe=True)

# Scan a text string
result = engine.scan_text(
    "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
)

for match in result.matches:
    print(f"{match.pattern_name}: {match.severity}")
    print(f"  Confidence: {match.confidence_score}")
    print(f"  Hash: {match.secret_hash[:16]}...")
    print(f"  Redacted: {match.redacted_snippet}")

Scan Files

from netallion_detection import DetectionEngine
from pathlib import Path

engine = DetectionEngine(enable_bpe=True)

# Scan a file
for finding in engine.scan_file(Path("config.yaml")):
    print(f"[{finding.severity}] {finding.pattern_name}")
    print(f"  Line {finding.line_number}: {finding.redacted_snippet}")

# Scan a directory
for finding in engine.scan_directory(
    Path("./src"),
    exclude_patterns=["*.test.*", "node_modules/**"],
):
    print(f"{finding.file_path}:{finding.line_number} {finding.pattern_name}")

API Client

import httpx

API_URL = "https://api.netallion.ai/api/v1"
headers = {"Authorization": "Bearer cfk_your_api_key"}

# List incidents
r = httpx.get(f"{API_URL}/incidents", headers=headers,
              params={"severity": "critical", "status": "open"})
incidents = r.json()["items"]

# Trigger scan
r = httpx.post(f"{API_URL}/scans", headers=headers,
               json={"workspace_id": "ws-uuid"})

# Scan a prompt before sending to AI
r = httpx.post(f"{API_URL}/prompt-dlp/scan", headers=headers,
               json={
                   "payload": {"messages": [{"role": "user", "content": code}]},
                   "provider": "openai",
                   "mode": "redact",
               })
if r.json()["action"] == "blocked":
    print("Secret detected — prompt blocked")

Key Classes

DetectionEngineCore scanning engine
PatternRegistryPattern management
DetectionResultScan results container
FindingIndividual match
BasePatternCustom pattern base class
CLI Documentation →PyPI →

TypeScript / JavaScript

Available

# Install the API client

npm install @netallion/sdk

Initialize Client

import { Netallion AI Assurance } from '@netallion/sdk';

const cf = new Netallion AI Assurance({
  apiKey: process.env.NETALLION_API_KEY!,
  // baseUrl: 'https://api.netallion.ai', // default
});

List & Manage Incidents

// List critical open incidents
const incidents = await cf.incidents.list({
  severity: ['critical', 'high'],
  status: 'open',
  page: 1,
  pageSize: 25,
});

console.log(`${incidents.total} open incidents`);

// Acknowledge an incident
await cf.incidents.acknowledge(incidents.items[0].id);

// Get incident details with remediation options
const detail = await cf.incidents.get(incidentId);
console.log(detail.remediation_options);

Trigger Remediation

// Preview blast radius before remediating
const blast = await cf.remediation.blastRadius(incidentId);
console.log(`Affects ${blast.affected_services.length} services`);

// Execute remediation
const result = await cf.remediation.execute({
  incidentId,
  action: 'rotate',  // or 'revoke', 'deactivate'
  confirm: true,
});

// Check status
const status = await cf.remediation.status(incidentId);
console.log(status.state); // 'completed'

// Rollback within 24 hours if needed
await cf.remediation.rollback(incidentId);

Prompt DLP

// Scan an AI prompt before sending
const scan = await cf.promptDlp.scan({
  payload: {
    messages: [
      { role: 'user', content: codeWithPossibleSecrets },
    ],
  },
  provider: 'openai',
  mode: 'redact',
});

if (scan.action === 'blocked') {
  console.error('Prompt contained secrets');
} else if (scan.action === 'redacted') {
  // Use the cleaned payload
  const cleanedPrompt = scan.redacted_payload;
}

// Get prompt DLP stats
const stats = await cf.promptDlp.stats({ days: 30 });

Workspaces & Scans

// List workspaces
const workspaces = await cf.workspaces.list();

// Trigger a scan
const scan = await cf.scans.create({
  workspaceId: workspaces.items[0].id,
});

// Poll scan status
const result = await cf.scans.get(scan.id);
console.log(result.status); // 'completed'
console.log(`Found ${result.findings_count} secrets`);

Available Modules

cf.incidentslist, get, acknowledge, resolve
cf.scanscreate, list, get, cancel
cf.workspaceslist, create, get, test
cf.remediationexecute, status, rollback, blastRadius
cf.promptDlpscan, stats, config
cf.nhilist, get, verify, stats
cf.auditlogs, export, verifyChain
API Reference →npm →

Error Handling

Python

import httpx

try:
    r = httpx.get(url, headers=headers)
    r.raise_for_status()
except httpx.HTTPStatusError as e:
    if e.response.status_code == 401:
        print("Invalid or expired API key")
    elif e.response.status_code == 403:
        print("Insufficient permissions")
    elif e.response.status_code == 429:
        retry_after = e.response.headers.get("Retry-After", 60)
        print(f"Rate limited. Retry after {retry_after}s")
    else:
        detail = e.response.json().get("detail", "Unknown error")
        print(f"API error {e.response.status_code}: {detail}")

TypeScript

try {
  const incidents = await cf.incidents.list();
} catch (err) {
  if (err instanceof Netallion AI AssuranceError) {
    switch (err.status) {
      case 401: console.error('Invalid API key'); break;
      case 403: console.error('Insufficient permissions'); break;
      case 429:
        const retryAfter = err.headers?.['retry-after'];
        console.error(`Rate limited. Retry after ${retryAfter}s`);
        break;
      default:
        console.error(`API error ${err.status}: ${err.detail}`);
    }
  }
}

Pagination

// All list endpoints support cursor-based pagination
let page = 1;
let allIncidents = [];

while (true) {
  const result = await cf.incidents.list({ page, pageSize: 100 });
  allIncidents.push(...result.items);

  if (allIncidents.length >= result.total) break;
  page++;
}

console.log(`Fetched ${allIncidents.length} total incidents`);

CI/CD Integrations

GitHub Actions

Official action with PR annotations

netallion/scan-action@v1

Pre-commit Hook

Block secrets before commit

netallion-scan hook install

Any CI System

Exit code integration

netallion-scan scan . --exit-code

MCP IDE Server

Install the Netallion AI Assurance MCP server in VS Code, Cursor, or any MCP-compatible IDE for real-time secret scanning as you code.

// .vscode/mcp.json
{
  "servers": {
    "netallion": {
      "command": "netallion-mcp",
      "args": ["--api-key", "${env:CF_API_KEY}"]
    }
  }
}