feat: add Superagent Guard and Redact plugin (#92)

* add superagent guardrails plugin

* fix: restore step registry and integration types with superagent

Restored the auto-generated registry files to include all plugins
and added superagent guard/redact actions.

* Fix superagent redact entities validation and increase icon size

* fix: fail-safe validation for Superagent Guard API response

Add validation to ensure Guard step fails instead of defaulting to 'allow' when API response lacks expected structure. This prevents security bypasses from unexpected API responses.

Author: homanp

README.md

@@ -84,6 +84,7 @@ Visit [http://localhost:3000](http://localhost:3000) to get started.
 - **Linear**: Create Ticket, Find Issues
 - **Resend**: Send Email
 - **Slack**: Send Slack Message
+- **Superagent**: Guard, Redact
 - **v0**: Create Chat, Send Message
 <!-- PLUGINS:END -->
 

app/api/integrations/[integrationId]/test/route.ts

@@ -68,6 +68,11 @@ export async function POST(
           integration.config.firecrawlApiKey
         );
         break;
+      case "superagent":
+        result = await testSuperagentConnection(
+          integration.config.superagentApiKey
+        );
+        break;
       default:
         return NextResponse.json(
           { error: "Invalid integration type" },
@@ -281,3 +286,45 @@ async function testFirecrawlConnection(
     };
   }
 }
+
+async function testSuperagentConnection(
+  apiKey?: string
+): Promise<TestConnectionResult> {
+  try {
+    if (!apiKey) {
+      return {
+        status: "error",
+        message: "Superagent API Key is not configured",
+      };
+    }
+
+    const response = await fetch("https://app.superagent.sh/api/guard", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${apiKey}`,
+      },
+      body: JSON.stringify({
+        text: "Hello, this is a test message.",
+      }),
+    });
+
+    if (!response.ok) {
+      const error = await response.text();
+      return {
+        status: "error",
+        message: error || "Authentication failed",
+      };
+    }
+
+    return {
+      status: "success",
+      message: "Connected successfully",
+    };
+  } catch (error) {
+    return {
+      status: "error",
+      message: error instanceof Error ? error.message : "Connection failed",
+    };
+  }
+}

lib/step-registry.ts

@@ -7,7 +7,7 @@
  * This registry enables dynamic step imports that are statically analyzable
  * by the bundler. Each action type maps to its step importer function.
  *
- * Generated entries: 10
+ * Generated entries: 12
  */
 
 import "server-only";
@@ -93,6 +93,14 @@ export const PLUGIN_STEP_IMPORTERS: Record<string, StepImporter> = {
     importer: () => import("@/plugins/slack/steps/send-slack-message"),
     stepFunction: "sendSlackMessageStep",
   },
+  "superagent/guard": {
+    importer: () => import("@/plugins/superagent/steps/guard"),
+    stepFunction: "superagentGuardStep",
+  },
+  "superagent/redact": {
+    importer: () => import("@/plugins/superagent/steps/redact"),
+    stepFunction: "superagentRedactStep",
+  },
   "v0/create-chat": {
     importer: () => import("@/plugins/v0/steps/create-chat"),
     stepFunction: "createChatStep",
@@ -124,6 +132,8 @@ export const ACTION_LABELS: Record<string, string> = {
   "linear/find-issues": "Find Issues",
   "resend/send-email": "Send Email",
   "slack/send-message": "Send Slack Message",
+  "superagent/guard": "Guard",
+  "superagent/redact": "Redact",
   "v0/create-chat": "Create Chat",
   "v0/send-message": "Send Message",
   Scrape: "Scrape URL",

lib/types/integration.ts

@@ -9,7 +9,7 @@
  * 2. Add a system integration to SYSTEM_INTEGRATION_TYPES in discover-plugins.ts
  * 3. Run: pnpm discover-plugins
  *
- * Generated types: ai-gateway, database, firecrawl, linear, resend, slack, v0
+ * Generated types: ai-gateway, database, firecrawl, linear, resend, slack, superagent, v0
  */
 
 // Integration type union - plugins + system integrations
@@ -20,6 +20,7 @@ export type IntegrationType =
   | "linear"
   | "resend"
   | "slack"
+  | "superagent"
   | "v0";
 
 // Generic config type - plugins define their own keys via formFields[].configKey

plugins/index.ts

@@ -13,14 +13,15 @@
  * 1. Delete the plugin directory
  * 2. Run: pnpm discover-plugins (or it runs automatically on build)
  *
- * Discovered plugins: ai-gateway, firecrawl, linear, resend, slack, v0
+ * Discovered plugins: ai-gateway, firecrawl, linear, resend, slack, superagent, v0
  */
 
 import "./ai-gateway";
 import "./firecrawl";
 import "./linear";
 import "./resend";
 import "./slack";
+import "./superagent";
 import "./v0";
 
 export type {

plugins/superagent/codegen/guard.ts

@@ -0,0 +1,51 @@
+/**
+ * Code generation template for Superagent Guard action
+ * This template is used when exporting workflows to standalone Next.js projects
+ * It uses environment variables instead of integrationId
+ */
+export const guardCodegenTemplate = `export async function superagentGuardStep(input: {
+  text: string;
+}) {
+  "use step";
+
+  const response = await fetch("https://app.superagent.sh/api/guard", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: \`Bearer \${process.env.SUPERAGENT_API_KEY!}\`,
+    },
+    body: JSON.stringify({
+      text: input.text,
+    }),
+  });
+
+  if (!response.ok) {
+    const error = await response.text();
+    throw new Error(\`Guard API error: \${error}\`);
+  }
+
+  const data = await response.json();
+  const choice = data.choices?.[0];
+  const content = choice?.message?.content;
+
+  // Validate response structure - fail safe instead of defaulting to "allow"
+  if (!content || typeof content !== "object") {
+    throw new Error(
+      "Invalid Guard API response: missing or invalid content structure"
+    );
+  }
+
+  const classification = content.classification;
+  if (!classification || (classification !== "allow" && classification !== "block")) {
+    throw new Error(
+      \`Invalid Guard API response: missing or invalid classification (received: \${JSON.stringify(classification)})\`
+    );
+  }
+
+  return {
+    classification,
+    violationTypes: content?.violation_types || [],
+    cweCodes: content?.cwe_codes || [],
+    reasoning: choice?.message?.reasoning,
+  };
+}`;

plugins/superagent/codegen/redact.ts

@@ -0,0 +1,58 @@
+/**
+ * Code generation template for Superagent Redact action
+ * This template is used when exporting workflows to standalone Next.js projects
+ * It uses environment variables instead of integrationId
+ */
+export const redactCodegenTemplate = `export async function superagentRedactStep(input: {
+  text: string;
+  entities?: string[] | string;
+}) {
+  "use step";
+
+  const body: { text: string; entities?: string[] } = {
+    text: input.text,
+  };
+
+  // Parse entities from string or array, filter out empty strings
+  if (input.entities) {
+    let entitiesArray: string[];
+    
+    if (typeof input.entities === "string") {
+      // Parse comma-separated string
+      entitiesArray = input.entities.split(",").map((e) => e.trim());
+    } else if (Array.isArray(input.entities)) {
+      entitiesArray = input.entities.map((e) => String(e).trim());
+    } else {
+      entitiesArray = [];
+    }
+    
+    // Filter out empty strings and ensure we have valid entities
+    const validEntities = entitiesArray.filter((e) => e.length > 0);
+    
+    if (validEntities.length > 0) {
+      body.entities = validEntities;
+    }
+  }
+
+  const response = await fetch("https://app.superagent.sh/api/redact", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: \`Bearer \${process.env.SUPERAGENT_API_KEY!}\`,
+    },
+    body: JSON.stringify(body),
+  });
+
+  if (!response.ok) {
+    const error = await response.text();
+    throw new Error(\`Redact API error: \${error}\`);
+  }
+
+  const data = await response.json();
+  const choice = data.choices?.[0];
+
+  return {
+    redactedText: choice?.message?.content || input.text,
+    reasoning: choice?.message?.reasoning,
+  };
+}`;

plugins/superagent/icon.tsx

@@ -0,0 +1,27 @@
+export function SuperagentIcon({ className }: { className?: string }) {
+  return (
+    <svg
+      aria-label="Superagent"
+      className={className}
+      width="48"
+      height="48"
+      viewBox="0 0 690 690"
+      fill="none"
+      xmlns="http://www.w3.org/2000/svg"
+    >
+      <title>Superagent</title>
+      <path
+        d="M331.167 126.514L660.346 456.95L331.167 383.373L331.167 126.514Z"
+        fill="#0671A2"
+      />
+      <path
+        d="M330.539 124L34.0258 456.949L330.539 380.307L330.539 124Z"
+        fill="#FDCCD1"
+      />
+      <path
+        d="M333.68 565L29.0002 455.692L333.68 381.564L654.12 455.692L333.68 565Z"
+        fill="#181818"
+      />
+    </svg>
+  );
+}

plugins/superagent/index.ts

@@ -0,0 +1,93 @@
+import type { IntegrationPlugin } from "../registry";
+import { registerIntegration } from "../registry";
+import { guardCodegenTemplate } from "./codegen/guard";
+import { redactCodegenTemplate } from "./codegen/redact";
+import { SuperagentIcon } from "./icon";
+
+const superagentPlugin: IntegrationPlugin = {
+  type: "superagent",
+  label: "Superagent",
+  description: "AI guardrails for prompt injection detection and PII redaction",
+
+  icon: SuperagentIcon,
+
+  formFields: [
+    {
+      id: "superagentApiKey",
+      label: "API Key",
+      type: "password",
+      placeholder: "sa-...",
+      configKey: "superagentApiKey",
+      envVar: "SUPERAGENT_API_KEY",
+      helpText: "Get your API key from ",
+      helpLink: {
+        text: "superagent.sh",
+        url: "https://app.superagent.sh",
+      },
+    },
+  ],
+
+  testConfig: {
+    getTestFunction: async () => {
+      const { testSuperagent } = await import("./test");
+      return testSuperagent;
+    },
+  },
+
+  actions: [
+    {
+      slug: "guard",
+      label: "Guard",
+      description:
+        "Detect prompt injection, system prompt extraction, or data exfiltration attempts",
+      category: "Superagent",
+      stepFunction: "superagentGuardStep",
+      stepImportPath: "guard",
+      configFields: [
+        {
+          key: "text",
+          label: "Text",
+          type: "template-textarea",
+          placeholder: "Text to analyze or {{NodeName.text}}",
+          example: "Analyze this user input for security threats",
+          required: true,
+          rows: 4,
+        },
+      ],
+      codegenTemplate: guardCodegenTemplate,
+    },
+    {
+      slug: "redact",
+      label: "Redact",
+      description:
+        "Remove sensitive information (PII/PHI) like SSNs, emails, and phone numbers from text",
+      category: "Superagent",
+      stepFunction: "superagentRedactStep",
+      stepImportPath: "redact",
+      configFields: [
+        {
+          key: "text",
+          label: "Text",
+          type: "template-textarea",
+          placeholder: "Text to redact or {{NodeName.text}}",
+          example: "My email is john@example.com and SSN is 123-45-6789",
+          required: true,
+          rows: 4,
+        },
+        {
+          key: "entities",
+          label: "Entity Types",
+          type: "text",
+          placeholder: "Optional: SSN, EMAIL, PHONE (comma-separated)",
+          example: "",
+        },
+      ],
+      codegenTemplate: redactCodegenTemplate,
+    },
+  ],
+};
+
+// Auto-register on import
+registerIntegration(superagentPlugin);
+
+export default superagentPlugin;