App SDKs
Each reference app ships as a typed SDK at @enc-protocol/<app>-cli — a class extending
AppSdk with a method per action and a method per read. The class,
its bundled manifests, and its routing are generated from the app's app.json /
schema.json definition, so the SDK surface always matches the app's RBAC manifests.
| App SDK | Class | Enclaves | Encrypted data_types |
|---|---|---|---|
| personal | PersonalSdk | Personal, Group | private (identity-aead) |
| dm | DmSdk | DM, Personal, Registry | messages (ratchet-pair), invites (ecdh-envelope) |
| group | GroupSdk | Group, Personal | messages (mls-lazy) |
| super | SuperSdk | DM, Group, Personal | messages (ratchet-pair) |
| registry | RegistrySdk | Registry | — |
| node | NodeSdk | all six | — |
Install
npm config set @enc-protocol:registry https://npm-registry.ocrybit.workers.dev/
npm install @enc-protocol/<app>-cliConstruct & init
new <App>Sdk(opts: {
mode: 'mem' | 'cf'
identity?: Identity // required for cf
nodeUrl?: string // cf (or set NODE_URL env)
repoRoot?: string // path to find apps/<id>/ + enclaves/
encHome?: string // state dir (defaults to ~/.enc)
forceReadable?: boolean // test-only Public-R escape (cf)
})const sdk = new PersonalSdk({ mode: 'cf', nodeUrl: process.env.NODE_URL, identity })
await sdk.init() // load app definition, register enclaves, wire the dataviewConstructor options are the standard AppSdk options; each
app SDK bundles its own manifests, so no appId is needed.
How a method routes
Each submit<DataType> / query<Read> resolves its data_type through the app's tableMap
to a concrete enclave.event:
super.submitMessages({...})
→ tableMap.messages = "message" → DM declares "message" → DM.messageBoth data_types and raw enclave event names are accepted.
Encryption
Apps with encrypted data_types call _encrypt(dataType, args) before submit, dispatching to
the named confidentiality plugin — identity-aead,
ratchet-pair, ecdh-envelope, or mls-lazy. The generated submit* methods pass the right
plugin automatically; override _encrypt only for custom envelope crypto.
Cross-enclave reads
cross_enclave: true reads (e.g. profiles, notices) are served by the
DataView — an in-memory projection that captures matching
events on a source enclave (per the app's cross_enclave_reads) and serves rows on query. In
production the same projection runs as a Cloudflare Durable Object + SQLite.
See also
@enc-protocol/cli-sdk-base— theAppSdk/AppClient/DataViewbase@enc-protocol/cli— theencbinary that drives these SDKs