Signatrust for n8n — sign every AI decision in your workflow

Sign every AI decision in your n8n workflow.

n8n-nodes-signatrust is a small, focused community node that lets any n8n workflow generate, verify, or fetch a cryptographically signed Decision Receipt — against Signatrust Cloud or your self-hosted enterprise endpoint. Three operations. One credential. Privacy-first: raw prompts and outputs never leave your perimeter unless you opt in.

n8n ≥ 1.0 Cloud & self-hosted Ed25519 signed receipts

Three operations. That's the entire scope.

The node is intentionally narrow: it generates, verifies, and retrieves Decision Receipts. It is not a workflow-history dashboard, a log streamer, or an analytics backend — those are n8n Enterprise features. We do one thing: turn an AI decision into independently verifiable evidence.

Auth required

Generate Decision Receipt

Take an AI output, an action description, the workflow name and the agent name; receive back a sealed, Ed25519-signed receipt with a public verify URL.

POST /api/v1/n8n/receipts

Public

Verify Decision Receipt

Look up a receipt by ID and check signature validity, hash integrity, and chain linkage. Returns the four-pillar verdict used on the public /verify portal.

GET /api/v1/n8n/receipts/:id/verify

Public

Get Decision Receipt

Fetch the full canonical receipt body for archival, downstream signing, or to surface inside Slack / Notion / your CRM next to the original decision.

GET /api/v1/n8n/receipts/:id

What it does — and deliberately doesn't.

What this node does

Cryptographically signs the AI output you hand it (Ed25519 over canonical JSON).
Returns a receipt id, signature, hash, public verify URL, and the full receipt body.
Hashes raw inputs/outputs server-side when you don't pre-hash, never storing the raw content.
Verifies and retrieves any previously sealed receipt by id.
Works against Signatrust Cloud or your self-hosted enterprise endpoint via one credential.

What this node deliberately doesn't

Does not stream or persist your workflow execution logs.
Does not replace n8n Enterprise's Log Streaming, Extended Data Retention, Workflow Monitoring, Audit Logs, RBAC, or external secrets.
Does not require sending raw prompts, raw outputs or business data to Signatrust.
Does not embed analytics or telemetry; the only requests it makes are the three you trigger.

Three workflow recipes you can ship today.

Loan rejection → signed receipt → Slack

An OpenAI step decides a credit application. The Signatrust node seals the decision with policies: ["eu-ai-act-high-risk"] and human_review: true. Slack posts the verify URL into the credit team's channel.

OpenAI → Signatrust (generate) → Slack

Claude approval → receipt → CRM

A Claude tool-use call approves a refund. The receipt is generated, then attached to the customer record in HubSpot/Salesforce via an HTTP node alongside verify_url.

Claude → Signatrust (generate) → HubSpot

Inbound webhook → verify → branch

A counterparty sends you a Signatrust receipt id in a webhook. Verify it with the node; if valid === true, branch into your fulfilment workflow; otherwise route to manual review.

Webhook → Signatrust (verify) → IF → Fulfilment

End-to-end flow.

[ AI step (OpenAI / Anthropic / LangChain / HTTP) ]
                 |
                 v
[ Signatrust node — Generate Decision Receipt ]
        baseUrl: https://signatrust.net/api/v1/n8n
        headers: X-API-Key: sk_live_...
        body   : { agent_name, workflow_name, action, decision, ... }
                 |
                 v
{ ok, receipt_id, hash, signature, public_key,
  verify_url, share_url, receipt: { ...canonical receipt... } }
                 |
                 v
[ Slack / CRM / Database / Webhook / IF ... ]

FAQ.

Does this replace n8n Enterprise's audit and monitoring features?

No. n8n Enterprise's Log Streaming, Extended Data Retention, Workflow Monitoring, Audit Logs, RBAC and external secret stores are about operating your workflows safely. Signatrust is the trust layer for the AI decisions inside those workflows — cryptographic, independently verifiable evidence that one specific output came from one specific agent at one specific time. They are complementary.

Do my prompts or AI outputs leave my environment?

Only if you choose to send them. The node accepts pre-computed input_hash / output_hash values (SHA-256) so the raw content never leaves your perimeter. If you instead pass the raw input / decision strings, the server hashes them and stores only the hash — the raw text is discarded after hashing unless you explicitly set include_decision_in_metadata: true.

How do I point the node at my self-hosted Signatrust deployment?

Edit the Signatrust API credential in n8n and change the Base URL from https://signatrust.net/api/v1/n8n to your own endpoint (e.g. https://signatrust.your-domain.com/api/v1/n8n). The same node works against both Cloud and Enterprise self-hosted — no separate package, no separate credential type.

Where is the source code? Is it open?

The n8n node is MIT-licensed and open source on GitHub: github.com/abokenan444/Signatrust/tree/main/n8n-node. The Signatrust server is closed-source — the receipt specification (ADR v1.0) is fully open so receipts can be verified by any client without our software.

What happens when I run out of my plan's monthly decisions?

The node receives a 402 response with the plan tier, used count, limit and an upgrade URL. Hook the node to an n8n IF branch on the error output to route over-quota decisions to a fallback (human queue, second account, etc.).

Is the node verified by n8n?

The package follows the n8n Community Nodes guidelines (single purpose, no peer-dep on n8n, MIT license, declarative credential, clean operation surface). It has been submitted for verification; until that completes it installs as a standard community node via Settings → Community Nodes.