npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

leap360

v1.5.1

Published

Leap360 AI Governance SDK — trace, govern, and monitor AI agents across OpenAI, Anthropic, AWS Bedrock, Gemini, Mistral, and any LLM

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

abed1243123222222wabed1243123222222w

Keywords

aigovernancemonitoringtracingllmagentsobservabilityopenaigeminianthropicmistralgoogle-genaiaws-bedrockbedrockai-safetykill-switchpolicy-enforcementleap360

Readme

🛡️ Leap360 SDK: The AI Governance Layer

Leap360 is a production-grade governance and observability SDK for AI-native applications. It provides real-time telemetry, automated policy enforcement, and a global Kill Switch that can halt AI operations project-wide in under 2 seconds.

📦 Installation

npm install leap360

✅ Provider Support Matrix

| LLM SDK | Method | Auto-traced? | |---|---|---| | openai | Leap360.autoInit() or leap.wrapOpenAI() | ✅ Zero config | | @google/generative-ai | Leap360.autoInit() or leap.wrapGemini() | ✅ Zero config | | @google/genai (new SDK) | leap.wrapGoogleGenAI(client) | ✅ One line | | @anthropic-ai/sdk | leap.wrapAnthropic(client) | ✅ One line | | @aws-sdk/client-bedrock-runtime | leap.wrapBedrock(client) | ✅ One line | | Mistral / any other LLM | leap.traceCall({ fn, provider, model }) | ✅ Manual |

🚀 Quick Setup

npx leap360 setup

This saves your API key to ~/.leap360/config.json and .env. Then:

import { Leap360 } from 'leap360';
const leap = Leap360.autoInit({
  apiKey: process.env.LEAP360_API_KEY,
  projectId: 'my-project',
  serviceName: 'my-service',
});

🛠️ Integration Examples

OpenAI — Zero config (autoInit)

import { Leap360 } from 'leap360';
import OpenAI from 'openai';

Leap360.autoInit({
  apiKey: 'leap360_...',
  projectId: 'my-project',
  serviceName: 'chat-service',
});

// Every OpenAI call anywhere in your app is now auto-traced ✅
const openai = new OpenAI();
const res = await openai.chat.completions.create({
  model: 'gpt-4o',
  messages: [{ role: 'user', content: 'Hello!' }],
});

OpenAI — Explicit wrap

import { Leap360 } from 'leap360';
import OpenAI from 'openai';

const leap = new Leap360({ apiKey: 'leap360_...', projectId: 'my-project', serviceName: 'chat' });
const openai = leap.wrapOpenAI(new OpenAI());

const res = await openai.chat.completions.create({
  model: 'gpt-4o',
  messages: [{ role: 'user', content: 'Hello!' }],
});

Anthropic (Claude)

import { Leap360 } from 'leap360';
import Anthropic from '@anthropic-ai/sdk';

const leap = new Leap360({ apiKey: 'leap360_...', projectId: 'my-project', serviceName: 'claude-service' });
const anthropic = leap.wrapAnthropic(new Anthropic());

// All messages.create calls are now auto-traced ✅
const msg = await anthropic.messages.create({
  model: 'claude-3-5-sonnet-20241022',
  max_tokens: 1024,
  messages: [{ role: 'user', content: 'Explain AI governance.' }],
});
console.log(msg.content[0].text);

Note: Anthropic uses input_tokens / output_tokens in its response — Leap360 maps these automatically to prompt_tokens / completion_tokens in the dashboard.

Google Gemini (@google/generative-ai)

import { Leap360 } from 'leap360';
import { GoogleGenerativeAI } from '@google/generative-ai';

const leap = new Leap360({ apiKey: 'leap360_...', projectId: 'my-project', serviceName: 'gemini-service' });
const genAI = leap.wrapGemini(new GoogleGenerativeAI(process.env.GEMINI_API_KEY));

const model = genAI.getGenerativeModel({ model: 'gemini-2.0-flash' });
const result = await model.generateContent('Hello!');
console.log(result.response.text());

Google Gemini (@google/genai — new SDK)

import { Leap360 } from 'leap360';
import { GoogleGenAI } from '@google/genai';

const leap = new Leap360({ apiKey: 'leap360_...', projectId: 'my-project', serviceName: 'gemini-service' });
const ai = leap.wrapGoogleGenAI(new GoogleGenAI({ apiKey: process.env.GEMINI_API_KEY }));

const response = await ai.models.generateContent({
  model: 'gemini-2.0-flash',
  contents: 'Explain AI governance.',
});
console.log(response.text);

AWS Bedrock

import { Leap360 } from 'leap360';
import { BedrockRuntimeClient, ConverseCommand } from '@aws-sdk/client-bedrock-runtime';

const leap = new Leap360({ apiKey: 'leap360_...', projectId: 'my-project', serviceName: 'bedrock-service' });
const bedrock = leap.wrapBedrock(new BedrockRuntimeClient({ region: 'us-east-1' }));

// Works with any Bedrock model: Claude, Titan, Nova, Llama, Mistral, Cohere
const res = await bedrock.send(new ConverseCommand({
  modelId: 'amazon.nova-micro-v1:0',   // ✅ Enabled by default in all AWS accounts
  messages: [{ role: 'user', content: [{ text: 'Hello!' }] }],
}));
console.log(res.output.message.content[0].text);

Supported Bedrock models:

| Model family | Example model ID | On-demand? | |---|---|---| | Amazon Nova | amazon.nova-micro-v1:0 | ✅ Yes (all accounts) | | Amazon Nova | amazon.nova-lite-v1:0 | ✅ Yes (all accounts) | | Amazon Nova | amazon.nova-pro-v1:0 | ✅ Yes (all accounts) | | Anthropic Claude | anthropic.claude-3-5-sonnet-20241022-v2:0 | ⚠️ Provisioned throughput | | Meta Llama | meta.llama3-70b-instruct-v1:0 | ✅ Yes | | Mistral | mistral.mistral-large-2402-v1:0 | ✅ Yes | | Cohere | cohere.command-r-plus-v1:0 | ✅ Yes |

💡 New to Bedrock? See the full end-to-end test example in bedrock-test/ — runs 4 scenarios with real AWS calls and traces everything to your Leap360 dashboard.

Mistral / Any Other LLM — Manual traceCall

import { Leap360Client } from 'leap360';
import MistralClient from '@mistralai/mistralai';

const leap = new Leap360Client({ apiKey: 'leap360_...' });
const mistral = new MistralClient(process.env.MISTRAL_API_KEY);

const result = await leap.traceCall({
  provider: 'mistral',
  model: 'mistral-large-latest',
  fn: () => mistral.chat({ model: 'mistral-large-latest', messages: [{ role: 'user', content: 'Hello!' }] }),
  extractUsage: (res) => ({
    prompt_tokens:     res.usage.prompt_tokens,
    completion_tokens: res.usage.completion_tokens,
    total_tokens:      res.usage.total_tokens,
  }),
});

Named Agents (createAgent)

Tag all LLM calls with an agent name for per-agent cost and risk tracking:

const agent = leap.createAgent({ name: 'Legal-Compliance-Bot' });

await agent.run(async () => {
  // All LLM calls inside this block are tagged as 'Legal-Compliance-Bot' ✅
  const res = await openai.chat.completions.create({ model: 'gpt-4o', messages: [...] });
});

📖 API Reference

Leap360.autoInit(config)

| Option | Type | Description | |---|---|---| | apiKey | string | Your Leap360 API key | | projectId | string | Project ID from dashboard | | serviceName | string | Label for this service | | baseUrl | string | (Optional) Custom API endpoint |

Auto-detects and patches: OpenAI, @google/generative-ai, @anthropic-ai/sdk

leap.wrapOpenAI(client) → client

Wraps an openai OpenAI instance. All chat.completions.create calls are traced.

leap.wrapAnthropic(client) → client

Wraps an @anthropic-ai/sdk Anthropic instance. All messages.create calls are traced. Token fields (input_tokens/output_tokens) are mapped automatically.

leap.wrapBedrock(client) → client

Wraps an @aws-sdk/client-bedrock-runtime BedrockRuntimeClient. Intercepts send() for both ConverseCommand and InvokeModelCommand.

leap.wrapGemini(client) → client

Wraps a @google/generative-ai GoogleGenerativeAI instance.

leap.wrapGoogleGenAI(client) → client

Wraps a @google/genai GoogleGenAI instance (new SDK).

leap.traceCall(options) → result

Manually trace any LLM call. Options:

  • fn — async function to call
  • provider — e.g. 'mistral', 'cohere', 'groq'
  • model — model name string
  • extractUsage(result) — optional, return { prompt_tokens, completion_tokens, total_tokens }

leap.createAgent({ name }){ run(fn) }

Creates a named agent context. All calls inside agent.run(fn) are tagged with the agent name.

🛡️ Kill Switch

When autoInit is called, a background poller checks project/agent status every 15 seconds. If suspended:

Error: [Leap360] GOVERNANCE_HALT: AI interactions are suspended for this project.

Wrap LLM calls in try/catch to handle gracefully.

🔒 Security & Privacy

  • No proxy — your LLM traffic goes directly to the provider. Leap360 only receives metadata/telemetry out-of-band.
  • API key auth — set LEAP360_API_KEY env var or use npx leap360 login.

© 2026 Leap360. Automated AI Governance for the Agentic Era.

  1. Zero-Invasive Integration: Patch global prototypes to trace every LLM call in your app without changing a single line of your business logic.
  2. Hardened Resiliency: Our "Global Poller" heartbeat ensures that if a project is suspended in the dashboard, the SDK blocks outgoing LLM requests locally before they even transit the wire.
  3. Contextual Intelligence: Group calls into "Agents" (e.g., Legal-Bot, Finance-Bot) using createAgent to understand cost and risk distribution across your fleet.
  4. Universal Compatibility: Works in Node.js, Browsers, ESM, and CommonJS environments.

📦 Installation & Setup

npm install leap360

Quick Setup (Recommended)

Run the interactive setup command - no browser login required!

npx leap360 setup

This will:

  1. Prompt for your API key (get from https://leap360.ai/dashboard/settings)
  2. Set project ID and service name
  3. Save to ~/.leap360/config.json (SDK config)
  4. Create/update .env file with all variables
  5. Add Gemini API keys for policy evaluation

Example:

🔐  Leap360 Setup

   Enter your API key: leap360_09ff941583c7...
   Enter project ID (default: default): my-project
   Enter service name (default: my-service): api-service

✅  Configuration saved!
   → ~/.leap360/config.json
   → ./.env

Then in your code:

import { Leap360 } from 'leap360';
const leap = Leap360.autoInit(); // Loads from config files

🛠️ Integration Styles

1. The "Magic" 1-Line Integration (autoInit)

The fastest way to get started after running npx leap360 setup.

import { Leap360 } from 'leap360';

// Auto-loads from ~/.leap360/config.json and process.env
const leap = Leap360.autoInit();

// Or provide explicit config:
Leap360.autoInit({
  apiKey: 'leap360_...',
  projectId: 'my-production-app',
  serviceName: 'enterprise-fleet'
});

// Now, any OpenAI or Gemini call anywhere in your app is automatically governed!

2. The "Contextual" Agent Approach (createAgent)

Use this to tag calls with specific agent names. This uses AsyncLocalStorage (Node) or a fallback (Browser) to propagate context.

const agent = leap.createAgent({ name: 'Legal-Compliance-Bot' });

await agent.run(async () => {
  // All LLM calls inside this block are tagged as 'Legal-Compliance-Bot'
  const model = genAI.getGenerativeModel({ model: 'gemini-1.5-pro' });
  await model.generateContent("Analyze this contract...");
});

3. Manual Instance Wrapping

For developers who prefer explicit control over specific client instances.

const openai = leap.wrapOpenAI(new OpenAI());

// Legacy Google Generative AI
const genAI = leap.wrapGemini(new GoogleGenerativeAI(apiKey));

// NEW: Google GenAI Client (google-genai package)
import genai from 'google-genai';
const client = leap.wrapGoogleGenAI(new genai.Client());
const response = await client.models.generate_content({
  model: 'gemini-3-flash-preview',
  contents: 'Explain quantum computing'
});

4. Low-Level Manual Tracing (Leap360Client)

For non-standard models or custom wrappers where you want full control over the trace payload.

import { Leap360Client } from 'leap360';
const client = new Leap360Client({ apiKey: '...' });

const result = await client.traceCall({
  provider: 'anthropic',
  model: 'claude-3-opus',
  fn: async () => myCustomCall(),
  extractUsage: (res) => ({ prompt_tokens: 10, completion_tokens: 20, total_tokens: 30 })
});

🔍 Detailed Functionality

📡 Real-Time Kill Switch (The Heartbeat)

When autoInit is called, the SDK spawns a background poller that hits the Leap360 Governance API every 2 seconds.

  • Operation: If the API returns SUSPENDED, the SDK sets a global isHalted flag.
  • Enforcement: Every wrapped LLM call checks this flag before execution. If true, it throws a GOVERNANCE_HALT error.
  • Heartbeat Recovery: The moment a project is resumed in the dashboard, the 2s heartbeat detects the change and unblocks the SDK instantly.

🧪 Global Prototype Patching

The SDK uses a sophisticated patching strategy to find AI libraries regardless of how they are imported:

  1. Global Search: Checks globalThis for OpenAI or GoogleGenerativeAI.
  2. Dynamic ESM Import: Uses robust import() logic to locate and wrap prototypes after modules have loaded in modern ESM environments.
  3. Cross-Platform Storage: Uses node:async_hooks in Node.js for thread-safe context and a browser-safe fallback for frontend apps.

📊 Automated Telemetry

Every trace captured by Leap360 includes:

  • Latency: Precise millisecond timing of the round-trip.
  • Token Counting: Automatic extraction of usage stats from OpenAI and Gemini response metadata.
  • Payload Capture: Full request/response JSON (sanitized via backend policies).
  • Error Tracking: Capture stack traces and error messages for failed AI calls.

📖 API Reference

Leap360.autoInit(config: Leap360Config)

| Option | Type | Description | | :--- | :--- | :--- | | apiKey | string | Your project-scoped Leap360 API Key. | | projectId | string | The ID of the project in your dashboard. | | serviceName | string | A label for this specific deployment/service. | | baseUrl | string | (Optional) Custom governance API endpoint. |

agent.run(fn)

Wraps an async function in a context. Every LLM call triggered within the closure of fn will inherit the agent's properties.

traceCall(options)

Low-level wrapper for custom LLM interactions.

  • fn: The async function to execute.
  • extractUsage: A callback to parse tokens from the result.
  • metadata: Any custom JSON to attach to the trace.

🛡️ Errors & Handling

When the Kill Switch is active, the SDK throws a standard Error:

Error: [Leap360] GOVERNANCE_HALT: AI interactions are suspended for this project.

You should wrap your LLM calls in try/catch and handle this specific error to provide a fallback UX to your users.

🔒 Security & Privacy

  • Sanitization: Sensitive data can be filtered at the SDK level (using metadata overrides) or via Backend Policies in the Leap360 dashboard.
  • No-Proxy Architecture: Unlike other tools, Leap360 does not proxy your traffic through our servers. Your API keys and data transit directly to the provider; we only receive metadata/telemetry out-of-band.

© 2026 Leap360. Automated AI Governance for the Agentic Era.