# Framework Integration Map

Choose the right Mighty pattern for chat, uploads, backend APIs, serverless routes, and agent frameworks.

Source URL: https://trymighty.ai/docs/frameworks

Every framework integration is the same idea: scan on the server before trust.

The framework only changes where you put the helper.

Mighty flow: untrusted material -> POST /v1/scan -> route ALLOW, WARN, or BLOCK before trust.

## Choose Your Pattern

| Stack | Put Mighty here | Use this guide |
| --- | --- | --- |
| Vercel AI SDK chat | Inside `app/api/chat/route.ts`, before `streamText`, and before strict output returns. | [Vercel AI SDK](/docs/frameworks/vercel-ai-sdk) |
| Next.js uploads | Inside the upload Route Handler before storage, OCR, or extraction. | [Next.js file upload](/docs/frameworks/next-file-upload) |
| Backend API | In a server helper or middleware before the handler calls AI, OCR, storage, or tools. | [Backend API helpers](/docs/frameworks/node-python) |
| OpenAI SDK | Scan prompt before model call. Scan output before public display or automation. | [Backend API helpers](/docs/frameworks/node-python#openai-sdk-pattern) |
| LangChain | Scan user input before chain invocation. Scan retrieved docs and tool output before adding them to context. | [Backend API helpers](/docs/frameworks/node-python#langchain-and-llamaindex-pattern) |
| LlamaIndex | Scan query input, retrieved nodes, extracted text, and final response before trust. | [Backend API helpers](/docs/frameworks/node-python#langchain-and-llamaindex-pattern) |
| Async review | Submit `mode=comprehensive`, `async=true`, then poll or handle webhooks. | [Async scans](/docs/integrate/async-webhooks) |

## Integration Rules

- Keep `MIGHTY_API_KEY` on the server.
- Scan before the model, OCR, storage, workflow automation, payment, or agent action.
- Use `scan_phase=input` for submitted material.
- Use `scan_phase=output` for generated, extracted, summarized, or agent-created material.
- Reuse `scan_group_id` for related input, file, OCR, output, and review scans.
- Use `session_id` for the wider chat, claim, case, batch, or agent run.
- Route `ALLOW`, `WARN`, `BLOCK`, `indeterminate`, and async `pending`.
- Use safe fallback behavior when Mighty cannot be reached.

## Framework Traps

| Trap | Fix |
| --- | --- |
| Calling Mighty from browser code | Move scan calls to a server route. |
| Scanning only the initial prompt | Scan model output, tool output, OCR output, and extracted fields too. |
| Returning JSON from a `useChat` route that expects a UI message stream | For Vercel AI SDK streaming routes, return `toUIMessageStreamResponse` or `createUIMessageStreamResponse`. |
| Losing `scan_group_id` between upload and OCR | Persist it on the item, not only in logs. |
| Treating framework errors as safe | Fail closed or use review fallback for high-risk workflows. |

## AI-Agent Prompt

### Choose the Mighty framework pattern

```text
Choose the correct Mighty framework integration pattern.

Rules:
- Use server-side scan calls only.
- Put POST /v1/scan before AI, OCR, storage, workflow automation, payment, and agent action.
- Use the Vercel AI SDK route pattern for app/api/chat/route.ts.
- Use the Next.js upload route pattern for browser file uploads.
- Use the backend API helper for Node, Python, Express, FastAPI, Flask, Django, workers, queues, and custom APIs.
- For LangChain and LlamaIndex, scan before chain invocation, before retrieved content enters context, before tool output is reused, and before final output is shown.
- Preserve scan_id, request_id, scan_group_id, session_id, action, and risk_score.

Acceptance criteria:
- API key never reaches client code.
- Existing framework response shape is preserved.
- Tests cover ALLOW, WARN, BLOCK, and scan failure.
```