Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.story.foundation/llms.txt

Use this file to discover all available pages before exploring further.

This reference tracks the Aeneid release of @piplabs/cdr-sdk (v0.2.1), available on npm.
The CDR SDK (@piplabs/cdr-sdk) provides a TypeScript client for interacting with Story’s Confidential Data Rails system. It handles threshold encryption, vault management, and on-chain access control.
LanguagePackageGitHub
TypeScript npm Code

Step-by-Step Guide

Learn CDR through a series of tutorials with the CDR SDK Integration Guide.

CDRClient

The main entry point. Provides access to three sub-clients: 
import { CDRClient } from "@piplabs/cdr-sdk";

const client = new CDRClient({
  network: "testnet",
  publicClient, // viem PublicClient
  walletClient, // optional viem WalletClient
  apiUrl: "http://172.192.41.96:1317", // Story-API REST endpoint
  // minThresholdRatio: 0.67, // optional threshold override, in [0, 1]
});

client.observer; // read-only queries
client.uploader; // encryption & vault allocation
client.consumer; // decryption & read requests

Current Surface Area

  • observer: vaults, fees, DKG state, validator registrations, and validator attestations
  • uploader: uploadCDR, uploadFile, allocate, write, and encryptDataKey
  • consumer: accessCDR, downloadFile, read, collectPartials, and decryptDataKey
  • crypto: low-level TDH2, ECIES, and SGX attestation verification helpers
The client also exposes high-level aliases:
  • createVault as an alias for uploadCDR
  • readVault as an alias for accessCDR
  • createFileVault as an alias for uploadFile
  • readFileVault as an alias for downloadFile

State Backends

The client reads from two backends:
BackendConfigured byPurpose
EVMpublicClientCDR contract state — vaults, fees, maxEncryptedDataSize, operational threshold
Story-API RESTapiUrlDKG state — active round, global public key, threshold, validators, attestations
The apiUrl is a required parameter. See Runtime Configuration for operational guidance and the optional minThresholdRatio override.

Attestation Utilities

The SDK also exposes SGX helper functions in the crypto module:
  • parseSgxQuote() to read MRENCLAVE, MRSIGNER, and securityVersion from a quote
  • verifyAttestation() to validate those fields against your expected values
Use them together with observer.getValidatorAttestations() when your application wants an explicit validator enclave allowlist check.

Sub-Clients

Observer

Read-only queries for vault data, fees, and DKG state.

Uploader

Encrypt data, upload encrypted files, and write to CDR vaults.

Consumer

Request decryption, download encrypted files, and recover plaintext.

Crypto Utilities

Crypto

Low-level TDH2 and ECIES cryptographic primitives.