01
Install the SDK
The vault SDK is the isomorphic client for identity, scoped access, and events. The CLI handles keys, builds, and publishing.
npm i @cef-ai/vault-sdk npm i -g @cef-ai/cli
02
Two identities, two keys
Your wallet key owns the vault. Your agent-service key publishes agents. The CLI generates the agent-service identity; agents only ever hold permissions derived from the wallet that grants them.
cef keypair generate # agent-service identity (ed25519) · keep the seed safe # your vault is owned by your wallet key, not this one
03
Claim a vault
Idempotent: one vault per wallet, bound to your public key on first contact with a conformant cluster.
import { VaultSDK, KeypairWallet } from "@cef-ai/vault-sdk" const wallet = await KeypairWallet.fromSeed(seed) // seed from your wallet key const sdk = new VaultSDK({ wallet }) await sdk.vault.ensure() // claim the vault, bound to your key
04
Request a grant, publish an event
A grant is a signed agreement: which scopes, for how long. The consent registry (GAR) verifies every access against it.
import { signAndSubmitAgreement } from "@cef-ai/vault-sdk" await signAndSubmitAgreement({ wallet, vault, manifest, scope: "calendar", gar }) // you sign the agreement, GAR records it · the grant const event = { type: "meeting.created", at: Date.now(), title: "Demo" } await sdk.vault.scope("calendar").publish(event) // → accepted: signed by your wallet, verified against the grant in GAR
05
Inspect the receipt
Your operation now exists as a signed activity record: data scope, compute burned, result hash. Attested records are what settlement pays on.
// what the record looks like → see "See a receipt" on the protocol page