Sub-clients — TypeScript SDK¶
Each sub-client wraps one domain of the NA HTTP API. Admin methods require
signingKeyBase64 + keyId to be set on the client. Public methods work
without credentials.
client.agreement¶
Wraps the Agreement domain (/admin/agreements/*, /agreements/verify).
Method |
Admin |
Description |
|---|---|---|
|
yes |
Create and sign a capability offer |
|
yes |
Create and sign a counter-offer |
|
yes |
Accept an offer or counter → |
|
no |
Verify agreement signatures |
Constraint: accept requires the NA to hold an active recognition treaty
for responder_sovereign_id. Issue it first via POST /admin/recognition-treaties
(see Auth, Errors & Types — TypeScript SDK).
client.boundary¶
Wraps the Boundary domain (/admin/boundary/decide, /boundary/verify).
Method |
Admin |
Description |
|---|---|---|
|
yes |
Issue a signed boundary decision for a capability |
|
no |
Verify a boundary decision signature |
client.evidence¶
Wraps the Trust Evidence domain (/admin/trust-evidence, /trust-evidence/verify).
Method |
Admin |
Description |
|---|---|---|
|
yes |
Build and sign trust evidence from a |
|
no |
Verify trust evidence signatures |
Constraint: verdict must be one of "allow", "block", "escalate",
"warn". The value "trusted" is invalid and returns HTTP 422.
client.attestation¶
Wraps the Attestation domain (/admin/attestations, /admin/recognition-policy).
Method |
Admin |
Description |
|---|---|---|
|
yes |
Issue a signed membership attestation |
|
yes |
Revoke an attestation by ID |
|
yes |
Set the active recognition policy |
Constraint — roles: must use a recognized prefix:
role:anchor, role:bridge, role:client, role:operator, role:service:<name>.
Bare names (e.g. "validator") return HTTP 422.
Constraint — savePolicy shape:
recognition_policy: {
local_sovereign_id: string;
recognized_issuers: RecognizedIssuer[];
}
client.disclosure¶
Wraps Selective Disclosure (/admin/disclosure/*, /disclosure/*).
Method |
Admin |
Description |
|---|---|---|
|
yes |
Commit to a capability set (Merkle root) |
|
yes |
Issue a one-time nullifier for a proof |
|
no |
Generate a Merkle membership proof |
|
no |
Verify a capability membership proof |
client.consensus¶
Wraps Consensus (/admin/consensus/*, /consensus/verify).
Method |
Admin |
Description |
|---|---|---|
|
yes |
Cast a validator vote signed by the NA |
|
yes |
Assemble a consensus proof from votes |
|
no |
Verify consensus proof and threshold |
client.dataUsage¶
Wraps Data Usage (/admin/data-usage/*, /data-usage/*).
Method |
Admin |
Description |
|---|---|---|
|
yes |
Create and sign a data license policy |
|
yes |
Create and sign a data access intent |
|
no |
Return the currently active data license policy |
|
no |
Verify an intent against a policy |
Constraint — DataSourceDescriptor requires source_id, source_type,
and owner_sovereign_id.
source_type must be one of "personal", "proprietary", "public",
"synthetic". Missing or wrong values return HTTP 422.