novu-framework-integration

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of official vendor packages (@novu/framework, @novu/api) and trusted libraries (zod, i18next, react-email) from the NPM registry.
  • [EXTERNAL_DOWNLOADS]: Utilizes official vendor tools including the Novu CLI via npx and GitHub Actions (novuhq/actions-novu-sync) for environment synchronization and CI/CD operations.
  • [COMMAND_EXECUTION]: Provides instructions for executing standard CLI tasks such as project initialization (npx novu init) and local development server management within a secure development workflow.
  • [SAFE]: Documents robust security features for the Bridge Endpoint, including default HMAC signature verification to authenticate requests from Novu Cloud.
  • [SAFE]: Employs multi-layer schema validation (Zod, JSON Schema, Class-Validator) for both trigger payloads and step controls to ensure data integrity and prevent injection of malformed data.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 03:50 PM
Security Audit — agent-trust-hub — novu-framework-integration