TypeScript SDK

The @dregg/sdk package provides ergonomic, type-safe TypeScript APIs for token management, zero-knowledge proofs, Merkle trees, Datalog authorization, and full runtime simulation. It wraps the dregg-wasm module (compiled from the Rust codebase) into idiomatic async APIs.

Canonical source: sdk-ts/ in the breadstuffs repo. A prior package at ts-sdk/ shared the same @dregg/sdk name but had no WASM coupling and has been archived as ts-sdk.archived/ (2026-05-25). Do not reference ts-sdk/ in new code.

The TypeScript SDK is not yet published to npm. The API described here reflects the intended design. For now, use the WASM bindings directly or the Rust SDK.

The TypeScript SDK is a thin wrapper around the WASM package. All cryptographic operations (STARK proofs, HMAC chains, Merkle trees) execute in the compiled WASM module at near-native speed. See WASM Playground for details on the underlying package.

Installation

# Not yet available on npm — build from source for now
npm install @dregg/sdk dregg-wasm

Both packages will be required: @dregg/sdk provides the TypeScript API layer, while dregg-wasm provides the compiled cryptographic core.

Quick Start

Initialize the WASM module, create a client, and perform the core token lifecycle (mint, attenuate, verify) in a few lines:

import init from "dregg-wasm";
import { DreggClient } from "@dregg/sdk";

// Initialize WASM and create client
const wasm = await init();
const client = await DreggClient.init(wasm);

// Mint a token
const token = await client.cclerk.mint("api-gateway");
console.log(token.token); // "em2_..."

// Attenuate (restrict) the token
const restricted = await client.cclerk.attenuate(token.token, {
  service: "api-gateway",
  actions: "read",
  expiresSecs: 3600,
});

// Verify
const result = await client.cclerk.verify(restricted.token, { action: "read" });
console.log(result.allowed); // true

Cipherclerk (Token Lifecycle)

The AgentCipherclerk class manages token minting, attenuation, and verification. It mirrors the Rust SDK's AgentCipherclerk API.

const cclerk = await AgentCipherclerk.create(wasm);

// Mint a root token for a service
const token = await cclerk.mint("my-service");

// Attenuate: restrict to read-only
const attenuated = await cclerk.attenuate(token.token, { actions: "read" });

// Verify against a request
const verified = await cclerk.verify(attenuated.token, { action: "read" });
console.log(verified.allowed); // true

STARK Proofs

The ProofEngine class generates and verifies STARK proofs, predicate proofs (ZK comparisons), and more.

const engine = new ProofEngine(wasm);

// Generate a STARK proof
const proof = await engine.generateStarkProof(42, 4);
const valid = await engine.verifyStarkProof(proof.proof_json);
console.log(valid); // true

Predicate Proofs (ZK Comparisons)

Prove a comparison without revealing the private value:

// Prove age >= 18 without revealing exact age
const proof = await engine.generatePredicateProof({
  predicateType: "gte",
  privateValue: 25,
  threshold: 18,
  attributeKey: "age",
  stateRoot: 12345,
});

Merkle Trees

The MerkleTree class provides root computation and membership/non-membership proofs over 4-ary BLAKE3 Merkle trees.

const tree = new MerkleTree(wasm);

// Compute the Merkle root of a set of leaves
const root = await tree.computeRoot(["alice", "bob", "carol"]);

// Generate a membership proof for "bob"
const proof = await tree.proveMembership(["alice", "bob", "carol"], "bob");

Datalog Authorization

The PredicateEvaluator class evaluates Datalog rules against a request context.

const evaluator = new PredicateEvaluator(wasm);

const result = await evaluator.evaluate(
  [
    { predicate: "member", terms: ["alice", "admin"] },
    { predicate: "permission", terms: ["admin", "read"] },
  ],
  { action: "read" }
);
console.log(result.allowed); // true

Runtime Simulation

The DreggRuntime class provides a full distributed system simulation: agents, transfers, federations, block proposals, and intents.

const runtime = client.createRuntime();

// Create agents with initial balances
const alice = await runtime.createAgent("alice", 1000);
const bob = await runtime.createAgent("bob", 500);

// Transfer between agents
const result = await runtime.executeTurn(alice.agent_index, [
  { type: "transfer", to: bob.cell_id, amount: 100 },
]);

// Create and manage federations
const fed = await runtime.createFederation("testnet", 4);
await runtime.proposeBlock(fed.fed_index, ["event1", "event2"]);

// Intent marketplace
const intent = await runtime.createIntent(
  alice.agent_index,
  "Need",
  [{ action: "read", resource: "docs/*" }],
  [{ Service: "storage" }],
  "",
  1716000000
);

// Clean up
runtime.destroy();

API Reference

Class	Purpose
`DreggClient`	Main entry point combining all subsystems
`AgentCipherclerk`	Token mint / attenuate / verify
`TokenOps`	Fold chains, BLAKE3 hashing, intent IDs
`ProofEngine`	STARK proofs, predicates, Schnorr, garbled circuits
`MerkleTree`	Root computation, membership/non-membership proofs
`PredicateEvaluator`	Datalog authorization engine
`DreggRuntime`	Full distributed system simulation: agents, cells, turns, federations, intents, peer exchange, block history

New in DreggRuntime (Refactors 3-7)

The following methods were added to DreggRuntime to match current WASM exports:

Method	WASM export	Purpose
`getTurnTrace(turnHashHex)`	`get_turn_trace`	Step-by-step execution trace for a committed turn
`registerPeer(…)`	`register_peer`	Anchor a peer cell to an initial commitment
`getPeerPubkey(agentIdx)`	`get_peer_pubkey`	Retrieve the agent's PeerExchange verifying key
`getPeerView(agentIdx, peerCellId)`	`get_peer_view`	Current commitment/sequence for a registered peer
`listPeers(agentIdx)`	`list_peers`	List all registered peer cell IDs
`createPeerTransition(…)`	`create_peer_transition`	Sign a state-transition (returns postcard bytes)
`decodePeerTransition(bytes)`	`decode_peer_transition`	Decode transition bytes to `PeerTransitionView`
`verifyPeerTransition(…)`	`verify_peer_transition`	Verify and apply a peer transition
`getFederationBlock(fedIndex, height)`	`get_federation_block`	Full block by 1-indexed height
`listFederationBlocks(fedIndex)`	`list_federation_blocks`	All finalized block headers
`createCell(ownerPkHex, balance)`	`create_cell`	Create a cell via genesis agent
`createAgentWithFactory(…)`	`create_agent_with_factory`	Mint an agent from a specific factory VK
`deployFactoryDescriptor(json)`	`deploy_factory_descriptor`	Deploy a factory descriptor; returns factory VK
`defaultFactoryVk()`	`default_factory_vk`	VK of the runtime's default test-cipherclerk factory
`getCellStateCommitment(cellId)`	`get_cell_state_commitment`	Current canonical state-commitment for a cell

Relationship to WASM

The TypeScript SDK is a convenience layer over the dregg-wasm package:

dregg-wasm is compiled from the Rust workspace using wasm-pack. It exposes low-level functions that operate on raw bytes and JSON-serialized structures.
@dregg/sdk wraps those functions into typed async methods, handles WASM initialization, manages memory lifecycle, and provides builder patterns for complex operations.
All cryptographic operations (HMAC chains, STARK proving/verifying, Merkle hashing) run inside the WASM module at near-native speed.
The same WASM module powers the browser playground -- the TS SDK just adds structure and type safety on top.

Next Steps

Tutorial: First App -- Build a complete API key management service (Rust)
Rust SDK Quickstart -- The full Rust API reference
WASM Playground -- Experiment in the browser
Token Lifecycle -- Deep dive into mint/attenuate/verify