# Express

URL: https://tailrace.dev/docs/integrations/express

> OpenAI-compatible Express middleware - scan chat bodies and SSE streams, return 422 on policy block.



Enforce data policy on OpenAI-compatible chat routes in Express. Scan request messages before upstream, scan JSON and SSE responses on the way back.

## Quickstart [#quickstart]

```ts
import { createTailrace } from "@tailrace/core";
import { tailraceExpress } from "@tailrace/express";
import express from "express";

const app = express();
const tailrace = createTailrace();

app.use(
  "/v1",
  express.json(),
  tailraceExpress(tailrace, {
    agent: (req) => String(req.headers["x-agent-id"] ?? "default"),
    workflowId: (req) => String(req.headers["x-workflow-id"] ?? "default"),
  }),
);
```

Peer: `express` `>=4`. Only `mode: "openai-compatible"` in v0.1.

## Boundaries covered [#boundaries-covered]

| Location                | Tailrace boundary                                   | Direction            |
| ----------------------- | --------------------------------------------------- | -------------------- |
| Chat request messages   | `{ kind: "model", provider }` (`model` field as-is) | Outbound to upstream |
| JSON chat completion    | same model boundary                                 | Inbound              |
| SSE `text/event-stream` | same; carry-buffer across chunks                    | Inbound              |

Block → **422** `{ error: { type: "policy_violation", entity, rule } }`. SSE: cancel upstream, emit one error `data:` event, close (abort-only; no `streamBlockBehavior` in v0.1).

## Guides [#guides]

* [Block secrets in an Express app](/docs/guides/block-secrets-in-express)
* [Boundaries](/docs/concepts/boundaries)

## Reference [#reference]

* [Express package](/docs/reference/express)
* [HTTP shared pipeline](/docs/reference/http)
