sdk
The typed TypeScript client most callers use. It wraps the REST API so code never hand-rolls HTTP or SSE, and re-exports the shared types so requests and responses are fully typed.
Role in the architecture
A thin client of the control-plane REST API. It authenticates with an API key or a user JWT (sent as a Bearer token on every request, including the SSE stream) and returns the shared domain types directly.
Source
sdk/src/index.ts — exports EnclaveClient, SessionHandle, and EnclaveError.
EnclaveClient
Construct it with a baseUrl and an optional credential.
new EnclaveClient({ baseUrl, apiKey?, token?, fetch? })
apiKey (an ek_… key) or token (a user JWT) is sent as Authorization: Bearer; if both are given, apiKey wins. fetch can be overridden for tests / non-browser runtimes.
run(req: CreateSessionRequest): Promise<SessionHandle>
get(id): Promise<Session> · list(): Promise<Session[]>
result(id): Promise<SessionResult> · audit(id): Promise<AuditEvent[]>
stream(id, signal?): AsyncGenerator<StreamFrame> · teardown(id): Promise<void>
health(): Promise<{ ok, backend, backendHealthy }>
SessionHandle
run() returns a SessionHandle bound to one session id, so you don't thread the id through every call:
get id(): string · refresh(): Promise<Session>
stream(signal?): AsyncGenerator<StreamFrame>
result(): Promise<SessionResult>
Consumes the stream until a terminal phase, then resolves the result.
audit(): Promise<AuditEvent[]> · teardown(): Promise<void>
Example
run.ts
import { EnclaveClient } from "@enclave/sdk";
const enclave = new EnclaveClient({
  baseUrl: "http://127.0.0.1:8088",
  apiKey: process.env.ENCLAVE_API_KEY, // ek_<id>_<secret>
});
const session = await enclave.run({
  code: `print("hi"); enclave.result({ ok: true })`,
  language: "python",
  egress: { mode: "deny_all", allow: [] },
});
for await (const frame of session.stream()) console.log(frame); // live SSE
const result = await session.result(); // structured
await session.teardown();
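The fetch override described above also makes it possible to test which credential the client actually sends. The block below is an added example, not part of the SDK or the original page: a recording fetch stub plus a check that every captured request, the SSE stream included, carried the expected Bearer credential. recordingFetch, authViolations and readAuthorization are hypothetical names; the example assumes the client calls fetch(url, init) and that the fetch option accepts a value of type typeof fetch.

```typescript
// Added example (not SDK code): inject this via the documented `fetch` option,
// run the client, then check what credential each request actually carried.
type FetchLike = (input: unknown, init?: { method?: string; headers?: unknown }) => Promise<unknown>;
interface RecordedCall { url: string; method: string; authorization: string | null }

// Extract the Authorization value from a Headers object, pair array, or plain record.
function readAuthorization(headers: unknown): string | null {
  if (!headers) return null;
  if (typeof (headers as { get?: unknown }).get === "function") {
    return (headers as { get(name: string): string | null }).get("authorization");
  }
  const pairs = Array.isArray(headers)
    ? (headers as [string, string][])
    : Object.entries(headers as Record<string, string>);
  for (const [name, value] of pairs) {
    if (name.toLowerCase() === "authorization") return value;
  }
  return null;
}

// `respond` supplies the canned response; its shape is up to the test (assumption).
function recordingFetch(respond: (call: RecordedCall) => unknown) {
  const calls: RecordedCall[] = [];
  const fetch: FetchLike = async (input, init) => {
    const url = (input as { url?: string })?.url ?? String(input);
    const call: RecordedCall = {
      url,
      method: init?.method ?? "GET",
      authorization: readAuthorization(init?.headers),
    };
    calls.push(call);
    return respond(call);
  };
  return { fetch, calls };
}

// One message per request that did not carry `Bearer <expected>`.
// Messages never echo the credential, so they are safe to log in CI.
function authViolations(calls: RecordedCall[], expected: string): string[] {
  return calls
    .filter((c) => c.authorization !== `Bearer ${expected}`)
    .map((c) => `${c.method} ${c.url}: ` +
      (c.authorization === null ? "no Authorization header" : "unexpected credential"));
}

// Usage with the SDK (constructed values):
//   const rec = recordingFetch(() => new Response("{}"));
//   new EnclaveClient({ baseUrl, apiKey, token, fetch: rec.fetch as typeof fetch });
//   ...make calls..., then expect authViolations(rec.calls, apiKey) to be empty.
```

Because apiKey wins when both credentials are configured, pass the apiKey as the expected value in that case; a request carrying the JWT instead shows up as "unexpected credential".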