Skip to main content
This reference tracks the Aeneid release of @piplabs/cdr-sdk (v0.1.1). The package is installable from source today and is not yet available on npm.
The CDR SDK (@piplabs/cdr-sdk) provides a TypeScript client for interacting with Story’s Confidential Data Rails system. It handles threshold encryption, vault management, and on-chain access control.
LanguagePackageGitHub
TypeScript Source install Code

Step-by-Step Guide

Learn CDR through a series of tutorials with the CDR SDK Integration Guide.

CDRClient

The main entry point. Provides access to three sub-clients: 
import { CDRClient } from "@piplabs/cdr-sdk";

const client = new CDRClient({
  network: "testnet",
  publicClient, // viem PublicClient
  walletClient, // optional viem WalletClient
  dkgSource: "evm-events", // default
  // cometRpcUrl: "http://<comet-host>:26657", // only for cosmos-abci mode
  // validationRpcUrls: ["https://your-rpc-provider-2.example.com"],
});

client.observer; // read-only queries
client.uploader; // encryption & vault allocation
client.consumer; // decryption & read requests

Current Surface Area

  • observer: vaults, fees, DKG state, validator registrations, and validator attestations
  • uploader: uploadCDR, uploadFile, allocate, write, and encryptDataKey
  • consumer: accessCDR, downloadFile, read, collectPartials, and decryptDataKey
  • crypto: low-level TDH2, ECIES, and SGX attestation verification helpers
v0.1.1 also adds high-level aliases:
  • createVault as an alias for uploadCDR
  • readVault as an alias for accessCDR
  • createFileVault as an alias for uploadFile
  • readFileVault as an alias for downloadFile

DKG Backends

The client supports two DKG backends:
BackendPurposeNotes
evm-eventsReads DKG state from EVM logsDefault and most portable
cosmos-abciReads DKG state from the x/dkg keeperFaster when you have a Comet RPC and accept that trust model
When you use cosmos-abci, also set cometRpcUrl. If you call collectPartials() directly in that mode, pass the same requesterPubKey used for the read request. See Runtime Configuration for the operational guidance.

Attestation Utilities

The SDK also exposes SGX helper functions in the crypto module:
  • parseSgxQuote() to read MRENCLAVE, MRSIGNER, and securityVersion from a quote
  • verifyAttestation() to validate those fields against your expected values
Use them together with observer.getValidatorAttestations() when your application wants an explicit validator enclave allowlist check.

Sub-Clients

Observer

Read-only queries for vault data, fees, and DKG state.

Uploader

Encrypt data, upload encrypted files, and write to CDR vaults.

Consumer

Request decryption, download encrypted files, and recover plaintext.

Crypto Utilities

Crypto

Low-level TDH2 and ECIES cryptographic primitives.