Start in two lines.

1 · Install the library
npm install @cyaxios/tn-proto
2 · Log safely
import * as tn from "@cyaxios/tn-proto";

// reads local keys + governance briefs automatically
await tn.init();

// sensitive fields are sealed before they hit disk
tn.info("order.placed", { order_id: o.id, email: user.email });
Hand it to your agent · install the MCP server
claude mcp add tn tn-mcp-server
Start free More editors & MCP setup → Docs
Protection you don’t feel.

Safer application logs.

pro·phy·lac·tic/ˌprō-fə-ˈlak-tik/adjective. Intended to prevent or protect against harm. Applied in advance.

Vibe code like there’s nothing between you and production. TN slips on before the first call. Every record wrapped, signed, sealed to the partners you choose. Ship fast. Stay clean.

tn init my-project
tn.log("order.placed", order_id=o.id, amount=o.total)

All the smoothness of print(). None of the exposure.

What changes

print() with the bytes covered.

Before
Stdout, untouched.
// one line, everything visible
print("order placed", order.id, user.email, user.card_last4)
stdout
order placed ord_8fKq alice@acme.com 4242
Everything in one stream. Every reader sees every field.
After
tn.log, per-reader.
# order_id is public, email in "pii", card in "payments"
tn.log("order.placed",
       order_id=order.id,
       email=user.email,
       card_last4=user.card_last4)
.tn/log/order.placed.ndjson
{"event":"order.placed",
 "ts":"2026-04-29T18:22:14Z",
 "order_id":"ord_8fKq",
 "pii": "eyJjdCI6IkFRSURCQVVHQ…",
 "payments": "eyJjdCI6IkNnc01EUTRQ…",
 "sig": "4mP9R7tYx…kQ2xJ9"}
Public stays in the clear. Sensitive groups sealed. The row is signed.
Share
Hand over a key, not the data.
# give the finance team access to "payments"
tn.grant("payments", to="finance@acme.com")
order.placed (finance view)
order_id ord_8fKq
email ●●●●●●●●●●●
card_last4 4242
Grant the column you want them to see. Revoke and the next entry goes dark.
What it does

Wrap every call.

Each call goes out wrapped before the bytes hit disk. Encrypted per reader. Signed at the source. You hold the grant list. None of it asks for your attention.

i.

Wrapped per reader.

Each field goes out wrapped to specific partners. Anyone else sees ciphertext.

ii.

Signed at the source.

Every entry carries a signature from your credential. Forgery doesn’t survive the next read.

iii.

You hold the grant list.

Add a partner. They decrypt forward from that moment. Revoke them and the next entry is unreadable.

iv.

Goes dark on revoke.

Lose a device, lose a teammate. Nothing written after the revoke ever opens.

The vault

Get a piece of mind.

Keys, not data. Held per project, on machines you choose, with you holding the recovery.

i.

Generated on your machine.

tn init runs the ceremony locally. The private half never leaves.

ii.

Wrapped before upload.

The SDK encrypts each keystore with your unlock secret. The vault receives ciphertext only.

iii.

Synced quietly.

Every rotation pushes new ciphertext up. Nothing for you to remember.

iv.

Restore anywhere.

Run tn wallet restore on a new box. Authenticate, unwrap, you’re back.

Zero-trust by design

What the vault never sees.

  • Your master keys, in the clear.
  • Your log entries. Your plaintext fields.
  • The vault is a backup, not a gatekeeper.
  • The SDK works without it. Always has. Always will.
Compliance

Audit-ready by default.

The controls a Data Protection Impact Assessment documents (encrypted, access-controlled, logged) are already running. Each maps to a GDPR article, and each is a fact an auditor can verify.

i.

Private by default.

A field is sealed to a named reader the moment you grant it. Privacy by design, as the resting state. Article 25.

ii.

Encrypted, signed, sealed.

Encrypted in transit and at rest, keys held as material only you can open, every record signed for integrity. Article 32.

iii.

Proof you can show.

Every grant, revoke and read lands in an attested log you can hand to an auditor. Accountability you can demonstrate. Articles 5 and 30.

iv.

Breach-ready by design.

Encrypted records and keys you hold meet the Article 34(3)(a) bar for unintelligible data (the strongest footing for any breach assessment). Articles 33 and 34.

Where TN fits in a DPIA →

Built for agents

Your agent already gets it.

Two commands and your agent ships TN code on the first try.

/plugin marketplace add cyaxios/tn-skills
/plugin install tn-logging@tn-skills

Figures out where TN belongs. Wraps the calls that handle private data. Leaves the rest alone.

Use it with your agent →

Pricing

Ship fast. Stay clean.

Hosted or self-hosted, same protocol. Free includes unlimited projects, encrypted backup + restore, the Chrome devtools extension, and the backup/restore web console. Pro adds the centralized analytics dashboard and administrative tools. Business adds data governance, CI workflow tools, and team ceremonies.

Self-hostedBYO infra Free$0 Pro$15 / yr FREE while in beta BusinessComing soon
Projects ceremonies, one per app Unlimited Unlimited Unlimited Unlimited
Backup + restore encrypted keystores, multi-device recovery You manage Included Included Included
Brute-force-assist decrypt recover which key matches a log entry DIY No Yes Yes
Web console for backups & restores No Included Included Included
Chrome devtools extension local developer tools No Included Included Included
Analytics dashboard centralized log telemetry views No No Included Included
Centralized administration grants, revokes, rotation You operate No Included Included
Data governance & workflows telemetry auditing, pre-commit CI linting, briefs DIY No No Included
Team membership shared ceremonies, assign keys to teammates DIY No No Yes
SLA Yours None 99.9% 99.95%
Support Community Community Email Priority + Slack
Self-host Start free Choose Pro Join waitlist

The vault never sees your logs. It holds your encrypted keystores. The SDK works identically with or without it.