Description
n8n-nodes-signatrust


Sign every AI decision in your n8n workflow with Signatrust — the trust, verification and accountability layer for autonomous AI agents.
This community node lets any n8n workflow generate, verify and retrieve cryptographically signed AI Decision Receipts against Signatrust Cloud or your self-hosted enterprise endpoint.
- One unified credential for Cloud and Self-Hosted (Connection Type selector)
- Three focused operations — nothing more, by design
- Privacy-first — raw prompts and outputs are SHA-256 hashed; only the hash is stored unless you opt in
- MIT-licensed, open source
- Production-deployed adapter at
https://signatrust.net/api/v1/n8n
> Full landing page, recipes and FAQ:
—
What this node is — and what it isn’t
| Does | Doesn’t |
| — | — |
| Cryptographically signs the AI output you hand it (Ed25519 over canonical JSON) | Stream or persist your workflow execution logs |
| Returns receipt id, signature, hash, public verify URL, full receipt | Replace n8n Enterprise Log Streaming, Audit Logs, RBAC or Workflow Monitoring |
| Hashes raw inputs/outputs server-side, storing only the hash | Send raw prompts or business data to Signatrust unless you opt in |
| Verifies and retrieves any previously sealed receipt | Embed analytics or telemetry beyond the three operations you trigger |
| Works against Cloud or self-hosted via one credential | Require a separate package or credential per deployment |
—
Install
In your n8n instance go to Settings → Community Nodes → Install and enter:
n8n-nodes-signatrust
Or, in a self-hosted n8n:
npm install n8n-nodes-signatrust
Requires n8n >= 1.0 and Node.js >= 20.
—
Set up the credential
1. Sign up at sklive… API key it issues (shown once).
2. In n8n, create a new Signatrust API credential.
3. Pick the Connection Type:
– Signatrust Cloud (default) — Base URL is https://signatrust.net/api/v1/n8n, no further config needed.
– Self-Hosted Enterprise — Base URL field appears; set it to e.g. https://signatrust.your-company.com/api/v1/n8n.
4. Paste the API key.
5. Click Test — the node hits GET /ping against your endpoint; a green check means the credential resolved to a live, non-suspended agent.
—
Operations
Generate Decision Receipt
| Field | Required | Notes |
| — | — | — |
| Agent Name | yes | Display name of the AI agent that made the decision |
| Workflow Name | yes | Defaults to {{$workflow.name}} |
| Action Taken | yes | Short description of what the agent did |
| Decision Output | yes | The AI output. Only its SHA-256 hash is stored unless you opt in |
| AI Model / Provider / Version | no | e.g. gpt-4o / openai / 2025-08-01 |
| Input / Prompt | no | Raw prompt — only the hash is stored |
| Decision Type | no | Semantic label (e.g. loan_decision) |
| Risk Level | no | low · medium · high · critical |
| Human Review Took Place | no | Boolean |
| Policies / Permissions / Tags | no | Comma-separated lists |
| Include Raw Decision in Metadata | no | Off by default — opt in to persist the raw text |
| Receipt Mode | no | finaldecisiononly (default), everytoolcall, everyagentstep, custom |
| Trace ID / Step fields | no | Optional timeline controls (traceid, stepindex, steptype, stepname, tool_name) |
The node also automatically attaches workflowid, executionid and node_name from n8n’s execution context.
Response (handed to the next n8n step verbatim):
{
"ok": true,
"receipt_id": "STR-3525207773",
"sequence": 324,
"timestamp": "2026-06-26T15:20:26.592Z",
"hash": "sha256:3a58bff6...",
"signature": "fj9FpBMPgP...",
"public_key": "MCowBQYDK2VwAyEA0Cv4w...",
"algorithm": "ed25519",
"verify_url": "https://signatrust.net/api/v1/n8n/receipts/STR-3525207773/verify",
"share_url": "https://signatrust.net/verify?id=STR-3525207773",
"fetch_url": "https://signatrust.net/api/v1/n8n/receipts/STR-3525207773",
"trace": { "traceid": "exec123", "receiptmode": "everyagentstep", "stepcount": 4, "steps": [] },
"receipt": { "id": "STR-3525207773", "type": "decision_receipt", "...": "..." }
}
Verify Decision Receipt
Looks up a receipt by id and returns the four-pillar verdict used on the public verify portal:
{
"ok": true,
"receipt_id": "STR-3525207773",
"valid": true,
"signed": true,
"integrity": true,
"chain": true,
"checks": { "hashmatches": true, "signaturevalid": true, "chain_linked": true },
"errors": [],
"timestamp": "...",
"sequence": 324,
"share_url": "https://signatrust.net/verify?id=STR-3525207773"
}
Get Decision Receipt
Fetches the full canonical receipt body for archival, downstream signing, or to render inside Slack / Notion / your CRM alongside the original decision.
—
Example workflows
A minimal example workflow ships in this package as example-workflow.json. Three full recipes are documented at
24 ready-to-import workflows
A full, free library of 24 production-style workflows built on this node lives in a companion repo — every workflow seals its AI decision with a signed receipt, covering finance, payments, support, HR, healthcare, governance and verification utilities:
→ abokenan444/n8n-signatrust-workflows (browse the showcase)
Each workflow can be imported straight into n8n via Import from URL using the raw links listed in that repo’s README.
—
Release notes (0.3.5)
requestDefaults config from the programmatic node (n8n review fix); request headers are handled per-request via json: true and the credential’s X-API-Key authenticate block.Release notes (0.3.3)
finaldecisiononly, everytoolcall, everyagentstep, custom.traceid, stepindex, steptype, stepname, tool_name.—
Error handling
401 — missing or revoked API key402 — plan quota exceeded; response carries tier, used, limit, upgrade_url403 — agent suspended404 — receipt id not found (on Verify / Get)Enable Continue On Fail on the node to route over-quota or invalid-receipt errors to a fallback branch.
—
Links
—
Compatibility
>= 1.0.0>= 20—
License
MIT © Signatrust