> ## Documentation Index
> Fetch the complete documentation index at: https://docs.story.foundation/llms.txt
> Use this file to discover all available pages before exploring further.

# CDR SDK Reference Overview

> A detailed description of every function in the CDR SDK

<Note>
  This reference tracks the Aeneid release of `@piplabs/cdr-sdk` (`v0.1.1`).
  The package is installable from source today and is not yet available on npm.
</Note>

The CDR SDK (`@piplabs/cdr-sdk`) provides a TypeScript client for interacting with Story's Confidential Data Rails system. It handles threshold encryption, vault management, and on-chain access control.

| Language                                                       | Package                                                                                                           | GitHub                                                                                                 |
| -------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ |
| <Icon icon="screwdriver-wrench" iconType="solid" /> TypeScript | <Icon icon="box-open" iconType="solid" /> [Source install](https://github.com/piplabs/cdr-sdk/releases/tag/0.1.1) | <Icon icon="arrow-up-right-from-square" iconType="solid" /> [Code](https://github.com/piplabs/cdr-sdk) |

***

<Card title="Step-by-Step Guide" icon="house" href="/developers/cdr-sdk">
  Learn CDR through a series of tutorials with the CDR SDK Integration Guide.
</Card>

## CDRClient

The main entry point. Provides access to three sub-clients:

```typescript theme={null}
import { CDRClient } from "@piplabs/cdr-sdk";

const client = new CDRClient({
  network: "testnet",
  publicClient, // viem PublicClient
  walletClient, // optional viem WalletClient
  dkgSource: "evm-events", // default
  // cometRpcUrl: "http://<comet-host>:26657", // only for cosmos-abci mode
  // validationRpcUrls: ["https://your-rpc-provider-2.example.com"],
});

client.observer; // read-only queries
client.uploader; // encryption & vault allocation
client.consumer; // decryption & read requests
```

## Current Surface Area

* `observer`: vaults, fees, DKG state, validator registrations, and validator
  attestations
* `uploader`: `uploadCDR`, `uploadFile`, `allocate`, `write`, and
  `encryptDataKey`
* `consumer`: `accessCDR`, `downloadFile`, `read`, `collectPartials`, and
  `decryptDataKey`
* `crypto`: low-level TDH2, ECIES, and SGX attestation verification helpers

`v0.1.1` also adds high-level aliases:

* `createVault` as an alias for `uploadCDR`
* `readVault` as an alias for `accessCDR`
* `createFileVault` as an alias for `uploadFile`
* `readFileVault` as an alias for `downloadFile`

## DKG Backends

The client supports two DKG backends:

| Backend       | Purpose                                 | Notes                                                        |
| ------------- | --------------------------------------- | ------------------------------------------------------------ |
| `evm-events`  | Reads DKG state from EVM logs           | Default and most portable                                    |
| `cosmos-abci` | Reads DKG state from the `x/dkg` keeper | Faster when you have a Comet RPC and accept that trust model |

When you use `cosmos-abci`, also set `cometRpcUrl`. If you call
`collectPartials()` directly in that mode, pass the same `requesterPubKey` used
for the read request. See
[Runtime Configuration](/developers/cdr-sdk/advanced-configuration#dkg-query-modes)
for the operational guidance.

## Attestation Utilities

The SDK also exposes SGX helper functions in the crypto module:

* `parseSgxQuote()` to read `MRENCLAVE`, `MRSIGNER`, and `securityVersion` from
  a quote
* `verifyAttestation()` to validate those fields against your expected values

Use them together with `observer.getValidatorAttestations()` when your
application wants an explicit validator enclave allowlist check.

## Sub-Clients

<CardGroup cols={3}>
  <Card title="Observer" icon="eye" href="/sdk-reference/cdr/observer">
    Read-only queries for vault data, fees, and DKG state.
  </Card>

  <Card title="Uploader" icon="lock" href="/sdk-reference/cdr/uploader">
    Encrypt data, upload encrypted files, and write to CDR vaults.
  </Card>

  <Card title="Consumer" icon="lock-open" href="/sdk-reference/cdr/consumer">
    Request decryption, download encrypted files, and recover plaintext.
  </Card>
</CardGroup>

## Crypto Utilities

<CardGroup cols={2}>
  <Card title="Crypto" icon="key" href="/sdk-reference/cdr/crypto">
    Low-level TDH2 and ECIES cryptographic primitives.
  </Card>
</CardGroup>