Integrations

Backend Integration

Integrate Lelu into any backend service. The Engine exposes a standard REST API, so it works with any language or framework. This guide covers Express, FastAPI, and raw Go.

Express (Node.js)

Use the TypeScript SDK as Express middleware to gate every route that performs a sensitive AI action.

npm

npm install lelu-agent-auth

middleware/lelu.ts

import { createClient } from "lelu-agent-auth";
import type { Request, Response, NextFunction } from "express";

const lelu = createClient({
  baseUrl: process.env.LELU_URL!,
  apiKey: process.env.LELU_API_KEY!,
});

export function leluGate(action: string) {
  return async (req: Request, res: Response, next: NextFunction) => {
    const decision = await lelu.authorize({
      tool: action,
      ...(req.body.confidence !== undefined
        ? { context: { confidence: req.body.confidence } }
        : {}),
    });

    if (decision.requiresHumanReview) {
      await lelu.waitForApproval(decision.requestId); // long-poll for approval
    }

    if (!decision.allowed) {
      return res.status(403).json({ error: "Action not authorized by Lelu" });
    }

    next();
  };
}

// Usage:
// app.post("/refund", leluGate("issue_refund"), refundHandler);

FastAPI (Python)

Use the Python SDK as a FastAPI dependency to authorize AI-driven actions.

pip

pip install lelu-agent-auth-sdk

dependencies/lelu.py

from fastapi import HTTPException, Depends
from lelu import LeluClient, AuthorizeRequest, AgentContext
import os

lelu = LeluClient(
    base_url=os.environ["LELU_URL"],
    api_key=os.environ["LELU_API_KEY"],
)

def require_lelu(action: str):
    async def dependency(confidence: float | None = None):
        ctx = AgentContext(confidence=confidence) if confidence is not None else None
        decision = await lelu.authorize(AuthorizeRequest(tool=action, context=ctx))
        # deny and human_review both block here; review additionally enqueues for approval.
        if not decision.allowed:
            raise HTTPException(status_code=403, detail=f"Action denied by Lelu: {decision.reason}")
    return Depends(dependency)

# Usage:
# @app.post("/delete-user")
# async def delete_user(_=require_lelu("delete_user")):
#     ...

Go (Raw HTTP)

Call the Engine REST API directly from any Go service with a simple helper function.

lelu/client.go

package lelu

import (
    "bytes"
    "encoding/json"
    "fmt"
    "net/http"
)

type AuthRequest struct {
    Tool string `json:"tool"`
}

type AuthResponse struct {
    Decision  string `json:"decision"` // allow | deny | human_review | compute
    RequestID string `json:"requestId"`
    Reason    string `json:"reason"`
}

func Authorize(tool string) (*AuthResponse, error) {
    body, _ := json.Marshal(AuthRequest{Tool: tool})
    req, _ := http.NewRequest("POST", engineURL+"/api/v1/authorize", bytes.NewBuffer(body))
    req.Header.Set("Authorization", "Bearer "+apiKey)
    req.Header.Set("Content-Type", "application/json")

    resp, err := http.DefaultClient.Do(req)
    if err != nil {
        return nil, err
    }
    defer resp.Body.Close()

    var result AuthResponse
    json.NewDecoder(resp.Body).Decode(&result)
    return &result, nil
}

Previous: CLI & MCP Next: Next.js